EU Data Act Compliance: Smart Lock System

November 24, 2025

Document Title: Data Information Notice for Connected Lock Products (in accordance with Regulation (EU) 2023/2854)

Manufacturer and Service Provider: iglooco

Last Updated: Nov 20, 2025

Transparency and Pre-Contractual Information

We are committed to providing you with comprehensive information about your rights under the EU Data Act (DA), which expands your control over your data and obliges us to be more transparent regarding the data generated by your connected products.

Scope: This notice applies to all igloo locks, devices and services controlling these connected products ("related services") where the Product is placed on the market in the European Union and/or the User is established or located in the European Union.

Declaration of Conformity: We ensure that our data sharing and storage practices comply with applicable EU regulations, including the General Data Protection Regulation (GDPR) and the Data Act. Data is stored securely and is not shared with third parties without the user’s explicit consent, except where required by law or in response to public emergencies.

Section 1: Definitions (for purposes of this Notice)

  1. Account Owner

    “Account Owner” means the natural or legal person who first registers the connected lock within the igloo App and thereby establishes the principal account controlling that device. The Account Owner exercises full administrative rights over the lock, including the authority to register, authorise, or revoke other users’ access credentials; manage usage data; and delete the lock or associated account at any time.

  2. User

    “User” means any natural person who has been granted access rights to operate a connected lock by the Account Owner, whether through an assigned password, digital key, one-time passcode (OTP), biometric credential, or other authentication method registered within the igloo App or related platform.

    Users may include family members, tenants, guests, employees, or contractors. The User’s ability to operate or interact with the lock is determined solely by the Account Owner, who may at any time register, modify, or revoke such permissions.

    Under the EU Data Act, Users are recognised as “users of the product or related service” and may exercise rights to access, retrieve, or request deletion of the data generated by their own use.

  3. Data Holder

    “Data Holder” means igloo, as the manufacturer and service provider that collects, stores, and processes data generated by the connected locks and related software on behalf of Account Owners and Users.

Section 2: Data Identification, Purpose, and Storage

The types and volume of data generated vary depending on the device, software version, functionalities, configurations, and how the device is used.

A. Data Generated by Smart Locks and Software Platforms

Data Type

Description

Purpose/Function

Accessibility for Users

Device Access Logs

Records of who opened or closed the door, when, and how (e.g., via app, fob, keypad). Includes date, time, and access method.

Core function of the device, enhancing user security and control.

Visible in App, export through request only by Account Owner. To be provided by Igloo upon request within 3 working days

Status Data

Battery level, Wi-Fi connection status, Door Status.

Enables the core functionality of the device.

Visible in App, export through request only by Account Owner. To be provided by Igloo upon request within 3 working days

Access Data

List of Users and devices authorized to access the Smart Lock.

Enables the core functionality of the device/Access Control.

Visible in App, export through request only by Account Owner of the lock(s). To be provided by Igloo upon request within 3 working days

Account/User Data

User Password, User ID/email address, contact number, fingerprint (stored locally or in encrypted form), country, timezone

User identification/ authentication; to allow secure unlocking.

Managed via device; deletable at any time through the Account Owner.

Telemetry and Analytics Data

Device usage frequency, device model, OS version, country, user data, performance metrics, error codes and crash logs.

Diagnostics, service improvement, and performance optimization.

Available upon request in machine readable format. To be provided by Igloo upon request only by the Account Owner within 3 working days.

Cryptographic Keys and Biometric Data

Cryptographic keys for the normal operation of the lock

This set of data is required to communicate securely with the lock device(s) to be successfully connected

This set of data will not be provided as releasing this would compromise the integrity of the product and could pose a significant security risk.

B. Data Storage and Retention

  1. Storage Location: Data generated by the devices is stored securely on Amazon Web Services (AWS) servers located outside of the EEA or the UK, in accordance with our Privacy Policy. Appropriate safeguards, such as contractual and technical measures, are implemented to ensure an adequate level of data protection.

  2. Retention Periods:

    • Analytics Data: Data shared for analytics purposes, retained in a non-personally identifiable way, may be kept on servers for up to 7 years.

    • Activity Log: Log of device interactions is maintained for as long as the device is paired.

    • Account Data: Deleted upon user request or account termination.

Section 3: User Access, Export, and Control Rights

In accordance with the EU Data Act, users have the right to access, retrieve, and export data generated by their connected devices.

A. Access and Exporting Data

  1. Access Data: Users can view certain data directly within the app or device settings.

  2. Export via Request: Data can be requested from us.

    • Procedure: Users must submit an informal request via email to [support@igloohome.co]

    • Format: We will provide the data in a common, machine-readable format after a successful review.

    • Identity Verification: For security, identity verification is required to ensure only the authorized user accesses the data.

B. Data Sharing with Third Parties

Users may export their device data and share it with third parties at their discretion.

  1. Initiating Ongoing Sharing: For ongoing data sharing with an authorized third party, a formal request must be submitted via customer support by emailing support@igloohome.co

  2. Agreement: The authorized third party must submit a request, and we will agree on the arrangements for providing access to data that personally identifies the user and is available to us

C. Data Deletion

  1. Device-Specific Deletion: Users may self-initiate the permanent deletion of associated lock(s) by unpairing the device and selecting the “Delete lock” option within the App.

  2. Account Deletion: Users can choose to delete their entire account and all associated data requesting our customer service team. This action may be non-reversible.

D. Data Access by Public Authorities

Under the EU Data Act, igloo may be required to share certain data with public-sector bodies in situations of exceptional need (e.g., public emergencies). Any such disclosure will:

  • Be limited to what is strictly necessary and proportionate;

  • Be logged and documented; and

  • Be communicated to affected users unless legally prohibited.

Section 4: Enforcement and Contact

Customer Support and Privacy Contact: For questions or assistance regarding data protection practices:

  • Customer Service: support@igloohome.co

Right to lodge a Complaint: You have the right to lodge a complaint with the relevant competent authority designated under Article 37 of the EU Data Act, in the Member State of your habitual residence, place of work, or establishment.