Keralock

Data Privacy Policy

General introduction
With the following privacy policy, we would like to inform you about how we process your personal data in accordance with the European General Data Protection Regulation (GDPR). The privacy policy applies to all processing of personal data carried out by us within the framework of the keralock.de website. The privacy policy also applies to our presence on social networks and our newsletter.

Controller
Controller within the meaning of the GDPR is
Jocos GmbH
represented by Joachim Fetzer, Bernhard Ruf
Prinz Ludwig Strasse 17
93055 Regensburg
Phone: +49 941 463 703-0
Email: service@keralock.de

Data Protection Officer
You can contact our Data Protection Officer as follows:
secjur GmbH
Falkensteiner Ufer 40
22587 Hamburg
Telephone: +49 40 228 599 520
E-mail: dsb@secjur.com

You can contact our data protection officer directly at any time with any questions or suggestions regarding data protection and the exercise of your rights.

Definition of terms
This privacy policy is based on the terms used in the GDPR. To simplify matters, we would like to explain some important terms in this context in more detail:

Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

General information
Below we provide you with an overview of the personal data we process. To this end, we explain to what extent, for what purposes and on what legal basis we process personal data. We also indicate – if available – which third-party providers we use to receive your data. Finally, we will inform you whether the respective processing by the third-party provider involves a transfer to a third country.

The provision of your personal data is always voluntary. However, it may be that the respective functionality only works if you provide your information (e.g. contact form).

Origin of the data
We may obtain personal data in the following ways:

Information provided by you: You have the opportunity to provide information (e.g. contact details) about yourself on our website.
Automatically collected and generated data: data is automatically collected and generated through the use of our website.
Data collected by third parties: if we maintain a presence on social and professional networks, we may receive data from you via these networks (e.g. if you contact us via a social or professional network or respond to one of our contents shared there).

Legal basis for processing
We will not disclose your personal data to third parties without your consent, unless this is permitted by law (e.g. because this is necessary for the performance of the contract).

The processing of your personal data may be based on the following legal bases:

Art. 6 (1)(a) GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing operation.
If the processing of personal data is necessary for the performance of a contract to which you are a party, the processing is based on Art. 6 (1)(b) GDPR. The same applies to such processing operations that are necessary to carry out pre-contractual measures.
If we are subject to a legal obligation that requires the processing of personal data, the processing is based on Art. 6 (1)(c) GDPR in conjunction with the respective standard from which the obligation arises.
Processing operations may also be based on Art. 6 (1)(f) GDPR. Processing operations are based on this legal basis if the processing is necessary for the purposes of the legitimate interests pursued by us, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

Transfer to third countries
If we transfer personal data to a third country for processing, we ensure compliance with Art. 44 et seq. GDPR, i.e. before each transfer of personal data to third parties in a country outside the EU or the EEA (Norway, Iceland, Liechtenstein), we check how an adequate level of protection can be guaranteed. An adequate level of protection can be ensured, among other things, by the existence of an adequacy decision by the EU Commission, by the fact that we have concluded standard data protection clauses with the recipient and have taken further additional measures, or by the fact that the third country transfer is permitted under other guarantees regulated in Art 46 et seq. GDPR is permissible. If the data transfer takes place on the basis of Art. 46, 47 or 49 (1) GDPR, you can obtain a copy of the guarantees for the existence of an adequate level of data protection in relation to the data transfer or a reference to the availability of a copy of the guarantees from us. Please contact us for this purpose.

Transfer to third parties
As part of our processing of personal data, personal data may be transferred to other recipients or disclosed to them. The recipients of this personal data may include, for example, service providers commissioned with IT tasks or providers of services and content that are integrated into a website. In such cases, we observe the legal requirements and, in particular, conclude corresponding contracts or agreements with the recipients of your personal data that serve to protect your personal data.

Deletion of data
The personal data processed by us will be deleted in accordance with the legal requirements as soon as the consent granted for processing is revoked or other permissions cease to apply (e.g. if the purpose of processing this personal data no longer applies or it is not required for the purpose). If the personal data are not deleted because they are required for other and legally permissible purposes, their processing will be restricted to these purposes. This means that the personal data is blocked and not processed for other purposes. This applies, for example, to personal data that must be retained for commercial or tax law reasons or whose storage is necessary for the assertion, exercise or defense of legal claims or to protect the rights of another natural or legal person.

Our data protection notices also contain further information on the retention and deletion of personal data, which apply primarily to the respective processing operations.

Provision of the website
If you use this website for purely informational purposes without transmitting data to us in any other way (e.g. by registering or using the contact form), we collect technically necessary data via server log files, which are automatically transmitted to our server, e.g:

IP address
Date and time of the call
Amount of data transferred
Notification of successful retrieval
Browser type and version
operating system of the user
Referrer URL (the previously visited page)
requesting provider

The temporary storage of the data is necessary for the course of a website visit in order to be able to display our website to you. This processing is technically necessary to ensure the functionality of the website and the security of the information technology systems. The legal basis for processing is therefore Art. 6 (1)(f) GDPR to guarantee the provision, security and stability of our website.

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the provision of the website, this is the case when the respective session has ended. The log files are stored for 24 hours directly and only accessible to administrators. After that, they are only available indirectly via the reconstruction of backup tapes and are permanently deleted after 4 weeks.

We use storage space, computing capacity and software that we rent or otherwise obtain from the server provider Host Europe GmbH (web host) to provide our online offering.

Contact form
You have the option of contacting us via the “Contact form” on our website. We process the following personal data from you when you contact us and respond to your inquiry: E-mail address, communication content, first and last name.

If you contact us as part of an existing contractual relationship or contact us in advance for information about our range of services or our other services, the personal data you provide will be processed for the purpose of processing and responding to your contact request in accordance with Art. 6 (1)(b) GDPR. Otherwise to safeguard our legitimate interests in accordance with Art. 6 (1)(f) GDPR for the purpose of responding appropriately to customer/contact inquiries.

We delete your personal data as soon as it is no longer required to achieve the purpose for which it was collected. In the case of contact inquiries, this is generally the case when it is clear from the circumstances that the specific matter in question has been conclusively dealt with.

Newsletter and electronic notifications
If you would like to receive information about our new products and services, you can subscribe to our newsletter. In addition to your e-mail address, we process the following personal data when sending the newsletter: First name.

If you would like to receive information about our new products and services, you can subscribe to our newsletter. We only process your e-mail address when sending the newsletter.

The advertised goods and services are named in the declaration of consent. We use the so-called double opt-in procedure to register for our newsletter. This means that after you have registered, we will send you an e-mail to the e-mail address provided, in which we ask you to confirm that you are the owner of the e-mail address provided and that you wish to receive the notifications. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store the IP addresses you use and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.

The legal basis for sending our newsletter is Art. 6 (1)(a) GDPR your given consent. You can revoke your consent to receive our newsletter at any time by clicking on the unsubscribe link in the emails or by sending your revocation by email to our email address or by post to the contact details given in the legal notice. Your personal data will then be removed from the mailing list.

In addition, you can also give your consent for us to evaluate your user behavior when sending the newsletter. Our newsletters contain so-called tracking links that enable us to analyze the behavior of newsletter recipients. For example, we can analyze how many recipients have opened the newsletter message and how often which link in the newsletter was clicked on. This enables us to statistically evaluate the success or failure of online marketing campaigns. The personal data collected through the tracking links is stored and evaluated by us in order to optimize the newsletter dispatch and to adapt the content of future newsletters even better to your interests.

You can object to this tracking at any time by clicking on the separate link provided in each email or by informing us via another contact method as described above and withdrawing your consent. The information will be stored for as long as you have subscribed to the newsletter. After unsubscribing, we store the data purely statistically and anonymously.

We use an external provider, GetResponse, to send our newsletter. This service provider receives your e-mail address and other necessary data in order to send the newsletter on our behalf.

Keralock store
If you place orders in our store, the data protection declaration of the Keralock store applies, which is available at LINK.

Presence in social networks (social media)
We maintain publicly accessible profiles in various social networks. Your visit to these profiles triggers a variety of data processing operations. Below we provide you with an overview of which of your personal data is collected, used and stored by us when you visit our profiles.

When you visit our profiles, your personal data is not only collected, used and stored by us, but also by the operators of the respective social network. This happens even if you yourself do not have a profile on the respective social network. The individual data processing operations and their scope differ depending on the operator of the respective social network and they are not necessarily traceable for us. For details on the collection and storage of your personal data as well as the type, scope and purpose of its use by the operator of the respective social network, please refer to the following explanations.

Facebook
When you visit our Instagram page, certain information about you is processed. We can only view the information stored in your public Instagram profile (such as your profile picture or information that you share on a public Instagram profile) – and only if you have such a profile and are logged into it while you visit our Instagram page.

In addition, the operator of the platform, Meta Platforms Ireland Limited, Serpentine Avenue, Block J, Dublin 4, Ireland (Meta), provides us with anonymized statistics and insights for our Instagram page, which help us gain insights into the types of actions people take on our page (so-called page insights). These page insights are created on the basis of certain information about people who have visited our site.

The processing of your personal data in connection with the operation of our Instagram company profile is based on a balancing of interests in accordance with Art. 6 (1)(f) GDPR in order to offer you a contemporary and supportive information and interaction opportunity with and about us. Furthermore, the processing serves our legitimate interest in evaluating the types of actions taken on our Instagram company profile and improving our company profile based on these findings. The legal basis for this processing is therefore Art. 6 (1)(f) GDPR. If the contact is aimed at the conclusion of a contract, the legal basis for the processing is Art. 6 (1)(b) GDPR.

Page Insights are processed by Meta and us as joint controllers. We cannot attribute the information obtained via the Page Insights to individual Instagram profiles that interact with our Instagram page. We have entered into a joint controllership agreement with Meta, which sets out the allocation of data protection obligations between us and Meta. Details of the processing of personal data for the creation of Page Insights and the agreement concluded between us and Meta can be found at https://privacycenter.instagram.com/policy. With regard to this data processing, you have the option of asserting your rights as a data subject (see “Your rights as a data subject”) against Meta. Further information on this can be found in Instagram’s privacy policy (https://help.instagram.com/155833707900388) Meta offers the possibility to object to certain data processing; you will find information and opt-out options in your account.

Please note that user data is also processed in the USA or other third countries in accordance with the meta data protection provisions. The European Commission has issued an adequacy decision pursuant to Art. 45 (3) GDPR for the EU-U.S. Data Privacy Framework. On the basis of this decision, data transfers to organizations based in the USA that are certified accordingly are permitted. Meta is certified under the EU-U.S. Data Privacy Framework.

Instagram
When you visit our Instagram page, certain information about you is processed. We can only view the information stored in your public Instagram profile (such as your profile picture or information that you share on a public Instagram profile) – and only if you have such a profile and are logged into it while you visit our Instagram page.

YouTube channel
We operate a “YouTube channel” to draw attention to our services and service offerings and to interact with our customers and visitors to the YouTube channel(users). The video platform is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 Ireland(Google Ireland). Google Ireland is a company affiliated with Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA;(Google)).

If you contact us via our YouTube channel, e.g. by commenting on one of our videos, we will process your data (e.g. your name and the content of the communication) in order to deal with your request. If necessary, we will also process your data to assert legal claims and defend you in the event of legal disputes in connection with your contributions. The legal basis for the processing of the data that we collect in connection with the use of our company website is our legitimate interests pursuant to Art. 6 (1)(f) GDPR, in order to offer you a contemporary and supportive information and interaction opportunity with and about us and to better present our services and service offerings. If the contact is aimed at the conclusion of a contract, the legal basis for the processing is Art. 6 (1)(b) GDPR.

When you visit our YouTube channel or other pages of the YouTube platform, Google Ireland collects so-called usage data. Google Ireland also uses certain data that it has collected from users of the YouTube platform (e.g. which videos users watch) to compile aggregated usage statistics and make them available to the respective operators of the YouTube channel(YouTube Analytics). We also receive such aggregated usage statistics. The information we receive from YouTube Analytics does not allow us to draw any conclusions about individual users. We ourselves do not have access to personal data that Google Ireland processes for YouTube Analytics. Google Ireland determines which data is processed for YouTube Analytics and how. Google Ireland provides information on this in its privacy policy (https://policies.google.com/privacy?hl=de).

The personal data is also transferred to the USA. The European Commission has issued an adequacy decision pursuant to Art. 45 (3) GDPR for the EU-U.S. Data Privacy Framework. On the basis of this decision, data transfers to organizations based in the USA that are certified accordingly are permitted. Google is certified under the EU-U.S. Data Privacy Framework.

Cookies
Cookie banner
When you visit our website or a sub-website for the first time and it contains cookies, a “cookie banner” will be displayed. There you will be informed about the individual cookies we use. You can find out the name of each individual cookie, the provider, the purpose of processing and the storage period.

Our cookie banner informs you about the specific cookies we use. In addition, we give you the opportunity to decide whether you want to consent to the setting of non-essential cookies. You can also allow us to use non-essential cookies and revoke this decision at any time. The following are processed:

Usage data (e.g. websites visited, time of access)

Meta and communication data (e.g. IP address)

The legal basis for the use of the cookie banner is Art. 6 (1)(f) GDPR. We have an overriding legitimate interest in using the cookie banner, which enables us to obtain the legally required consent for the use of non-essential cookies and to comply with our duty to provide information regarding cookies.

The cookie banner stores the preferences until you reset or customize them. The cookie banner is provided by the provider Complianz BV.

Cookie policy
Detailed information, in particular on the individual cookies used, can be found in our cookie policy at https://www.keralock.de/cookie-richtlinie-eu.

Other external services on the website
As part of our website offering, we use other third-party services to provide certain functions, improve user-friendliness or display content efficiently. This may involve the transfer of personal data, such as IP addresses or usage data, to these third-party providers. Processing is based on legitimate interests in accordance with Art. 6 (1)(f) GDPR or on your consent in accordance with Art. 6 (1)(a) GDPR, depending on the type and purpose of the respective service.

Google AdSense
Our YouTube videos may contain advertisements through the integration of Google AdSense. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google AdSense uses so-called “cookies” and similar technologies to analyze the use of our website and to display personalized or non-personalized advertising to users. Personal data such as your IP address and usage data (e.g. pages viewed, click behavior, browser type) may be transmitted to Google.

The integration of Google AdSense enables us to display contextual and interest-based advertising and thus serves to refinance our website. The legal basis for the use of Google Adsense is the voluntary and revocable consent given by you in accordance with Art. 6 (1)(a) GDPR. You can revoke your consent at any time with effect for the future by making the appropriate changes or adjustments in your cookie settings.

Google stores personal data collected in the context of AdSense for as long as is necessary for the provision of services, compliance with legal obligations or the settlement of disputes. The specific storage period of the processed data is determined by Google Ireland Limited and cannot be influenced by us. Further information on data usage by Google Adsense can be found here: https://policies.google.com/technologies/ads.

The personal data may also be transferred to the USA or other third countries. The European Commission has issued an adequacy decision pursuant to Art. 45 (3) GDPR for the EU-U.S. Data Privacy Framework. On the basis of this decision, data transfers to organizations based in the USA that are certified accordingly are permitted. Google is certified under the EU-U.S. Data Privacy Framework. In addition, the EU standard contractual clauses issued by the European Commission have been concluded with Google. This is intended to ensure that an appropriate level of data protection is also guaranteed for processing outside the EU.

Google Analytics
We use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as an analysis service for the statistical evaluation of our online offering. This includes, for example, the number of visits to our website, the subpages visited and the time spent by visitors. Google Analytics uses cookies and other browser technologies to evaluate user behaviour and recognize users. This information is used, among other things, to compile reports on website activity.

We process data with the help of Google Analytics for the purpose of optimizing our website and for marketing purposes on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR, provided that you have given your consent via our cookie banner. Consent is voluntary and can be revoked at any time with effect for the future.

The specific storage period of the processed data is determined by Google Ireland Limited and cannot be influenced by us. However, we have configured Google Analytics so that user data is automatically deleted after 14 months. Further information can be found in Google’s privacy policy (https://policies.google.com/privacy?hl=en-US).

Further information on the individual Google Analytics cookies we use can be found in the cookie banner.

Google Fonts
We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a service to provide fonts for our online offering. To obtain these fonts, you establish a connection to the servers of Google Ireland Limited, whereby your IP address is transmitted.

The use of Google Fonts is based on our legitimate interests, i.e. our interest in the uniform provision and optimization of our online offer in accordance with Art. 6 (6)(f) GDPR.

Since no data is transferred to Google, the storage of personal data by Google is not relevant. Further information on Google Fonts in general can be found in Google’s privacy policy: https://policies.google.com/privacy

Google Photos
We use the Google Photos service on our website to display images or image galleries. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When you visit a page that contains Google Photos content, a connection to Google’s servers is established. Personal data such as your IP address and technical usage data (e.g. browser type, operating system, time of access) may be transmitted to Google. This happens regardless of whether you have a Google account or are logged in to it.

The legal basis for the use of Google Photos is the voluntary and revocable consent given by you in accordance with Art. 6 (1)(a) GDPR. You can revoke your consent at any time with effect for the future by making the appropriate changes or adjustments in your cookie settings.

We do not store any personal data in connection with the integration of Google Photos. The processing and possible storage of the data is carried out exclusively by Google. Information on the storage period of the data collected by Google can be found in Google’s privacy policy (https://policies.google.com/privacy?hl=de).

Google Tag Manager
We use Google Tag Manager from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is a solution with which website tags can be managed and integrated via an interface – e.g. for the integration of analysis or marketing services (such as Google Analytics). Google Tag Manager itself does not process any personal user data. However, the triggering of other tags can, under certain circumstances, trigger the processing of personal data. Google Tag Manager itself does not interfere with this data processing. However, a connection to Google’s servers is established when the Google Tag Manager is loaded. This may result in the transmission of data (e.g. IP address) to Google.

The integration of Google Tag Manager takes place on the basis of Art. 6 (1)(a) GDPR, provided that you have given your consent via our cookie banner. Consent is voluntary and can be revoked at any time with effect for the future by changing the settings in the cookie banner.

The Google Tag Manager itself does not store any personal data. The storage period of the data processed via individual tags (e.g. by Google Analytics) depends on the respective services. Information on the storage period and deletion of this data can be found in the relevant sections of this privacy policy and in the privacy policies of the respective providers. You can find more information about Google Tag Manager in Google’s privacy policy at https://policies.google.com/privacy.

YouTube
Our website uses plugins from the YouTube video platform to embed videos and play them directly on our website. The video platform is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 Ireland(Google Ireland). Google Ireland is a company affiliated with Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA;(Google)).

If you activate embedded videos on our website, a connection to the YouTube servers is established and a data transfer is started. We have no influence on the scope and content of the data that is transmitted to YouTube and possibly other YouTube partners by activating the plugin. Among other things, the YouTube server is informed which of our pages you have visited. According to YouTube, this information is used, among other things, to collect video statistics, improve user-friendliness and prevent abusive behavior. YouTube uses cookies to collect information about user behavior. The cookies remain on your device until you delete them. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account before activating the play button. Further information on the handling of user data can be found in Google’s privacy policy (https://policies.google.com/privacy).

The legal basis for this use is the voluntary and revocable consent given by you in accordance with Art. 6 (1)(a) GDPR. You can revoke your consent at any time with effect for the future by making the corresponding changes or adjustments in your cookie settings.

The YouTube videos are integrated in the so-called “extended data protection mode”, which, according to the provider, only initiates the storage of user information when the video(s) is/are played. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video.

Your rights as a data subject
As a data subject, you have various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR. If you wish to exercise one of your rights, please contact us via the contact addresses given above or our data protection officer.

Right of objection
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point f Article 6(1)(e) or (f) GDPR, including profiling based on those provisions. If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you file an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Right of access
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed and to obtain access to this personal data as well as further information and a copy of the personal data in accordance with the legal requirements.

Right to rectification
In accordance with the statutory provisions, you have the right to request the completion of personal data concerning you or the rectification of inaccurate personal data concerning you.

Right to erasure and restriction of processing
You have the right to obtain from us the erasure of personal data concerning you without undue delay where one of the grounds provided for by law applies and insofar as the processing or storage is not necessary.

Restriction of processing
You have the right to demand that we restrict processing if one of the legal requirements is met.

Right to data portability
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format in accordance with the legal requirements or to request its transmission to another controller.

Right to withdraw consent
You have the right to withdraw your consent at any time.

Complaint to the supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the provisions of the GDPR.

Amendment and updating of the privacy policy
We will amend the privacy policy as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.

If we further develop our website and our offers or if legal or official requirements change, it may be necessary to amend this data protection notice. You can access the current data protection information at any time here.

Status: August 2025

Data Privacy Policy

Company

Follow us

Newsletter