The present Privacy Policy ("Privacy Policy") describes how Talleres de Escoriaza S.A.U. ("TESA") collects, uses, stores, shares, and protects personal data ("Personal Data") of its Clients (the "Client") through the website https://keymanager.assaabloy.com (the "Website" or "Key Manager") or any other means enabled within the framework of the relationship established as a result of the contracting of its products and services.

The Client guarantees: (a) the authenticity and accuracy of all data (especially but not limited to personal data) communicated through the Website; (b) that the personal data belongs to themself or that they have permission from the data subject to use such data; (c) and that they will keep the provided information updated to reflect their current situation, being solely responsible for any false or inaccurate statements made, as well as for any damages caused to TESA or third parties.

1. Who is responsible for the processing of your personal data?

The entity responsible for the processing of your Personal Data is Talleres de Escoriaza S.A.U., a company belonging to the Assa Abloy Group, with registered office at Barrio Ventas, 35 - 00, 20305, Irún (Gipuzkoa), CIF A20664785, and email address marketing@tesa.es ("TESA").

For any questions related to the processing of your Personal Data, you can contact the responsible person at marketing@tesa.es, who will ensure compliance by the company with the provisions of data protection legislation and guarantee your rights under said legislation.

2. What categories of Personal Data will be processed?

As you know, TESA is the leading manufacturer in Spain of closure and access control solutions for the residential and institutional market, and it is concerned about your safety and comfort. TESA will process the Client's Personal Data within the framework of its contractual relationship or the application of pre-contractual measures requested by the Client.

The Personal Data processed by TESA includes, in particular, the following categories and types of personal data: identifying and contact details (mainly, name and surname, phone number, email address, password to access the Client area of the Website); data related to purchased products or services (information regarding purchased products, card number, and key number); and technical and location data (IP address and other browsing data).

TESA advises the Client not to provide personal data that they do not want TESA to have access to or that are not necessary within the framework of the services contracted by the Client.

3. For what purposes are your personal data processed?

The Personal Data you provide will be processed by TESA for the following purposes:

(a) The formalization, management, and development of your contractual relationship as a Client of TESA. The purpose described above includes, for illustrative purposes only, the Client's registration in Key Manager, the management of their contractual relationship through said functionality, or the sending of communications necessary in relation to the use of Key Manager (for example, informing the Client of attempts to make a copy of their key, or the process of requesting a new ownership card).

(b) Responding to requests, complaints, doubts, and inquiries that the Client may convey to TESA within the framework of their contractual relationship, their intention to register in Key Manager, their intention to contract any product or service from TESA, or in relation to the Client's use of Key Manager.

(c) Compliance with legal obligations that may be applicable to TESA.

(d) Sending commercial communications, if consented to, regarding the access and security products and services provided by TESA in the indicated sector.

4. What are the legal bases for processing your personal data?

The legal bases for processing the Client's data for the purposes indicated in the preceding sections (a) and (b) are the application of pre-contractual measures and the execution of the contract between TESA and the Client. On the other hand, the legal basis legitimizing the processing of the Data for the purpose described in section (c) is compliance with legal obligations. The processing of the Client's Personal Data linked to these purposes is strictly necessary to fulfill their contractual relationship.

Regarding the sending of commercial communications, as described in the preceding section (d), the legal basis for the processing is your prior and explicit consent provided for this purpose. Please note that you may withdraw this consent at any time without affecting the provision of services. In particular, you can withdraw your consent at any time from the web application in the settings section.

5. How long will your personal data be retained?

TESA will retain your Personal Data for the duration of your contractual relationship, and thereafter, your Personal Data will be retained, albeit duly blocked, for the period necessary to fulfill any responsibilities that may arise from it or until you revoke the consent you have provided. In such case, once you have withdrawn your consent, TESA will retain your personal data for the time necessary to respond to any liabilities that may have arisen.

6. Who will have access to your personal data?

Only those third parties to whom TESA is legally obligated to provide them will have access to the Personal Data, as well as companies to whom TESA has entrusted the provision of auxiliary services as data processors and therefore subject to the corresponding confidentiality obligations. Additionally, TESA may disclose the Client's personal data when required by law, in the context of legal proceedings, or to investigate suspicious activity.

In the event that it is necessary to transfer your Personal Data outside the European Economic Area, TESA undertakes, when doing so, to strictly comply with the requirements and safeguards established for this purpose in the applicable regulations.

7. What are your rights when you provide us with your personal data?

You can exercise the following rights regarding data protection:

• Access: You may obtain confirmation as to whether your personal data is being processed and consult the specific personal data being processed.
• Rectification/Modification: You may modify your personal data if it is inaccurate, as well as complete any incomplete data.
• Erasure: You may request the deletion of your personal data when, among other reasons, the data is no longer necessary for the purposes for which it was collected.
• Objection: You may request that your personal data not be processed. The data will cease to be processed, except for compelling legitimate reasons, or the exercise or defense of potential claims.
• Portability: You may receive, in electronic format, the personal data you have provided and those obtained from your contractual relationship with TESA, as well as transmit them to another entity.
• Restriction of processing: You may request the restriction of processing of your data in the following cases: (i) while the accuracy of your data is being verified; (ii) when the processing of your data is unlawful and you oppose the deletion of your data; (iii) when your data is no longer needed but you need it for the exercise or defense of claims; and (iv) when you have objected to the processing of your data for the performance of a task carried out in the public interest or for the satisfaction of a legitimate interest, while verifying whether the legitimate grounds for processing prevail over yours.
• Furthermore, as indicated, you can withdraw your consent at any time without affecting the processing of data carried out by TESA before such withdrawal.

You can exercise your rights and/or withdraw your consent at any time from the web application in the settings section.

Additionally, you can also file a complaint with the competent supervisory authority, in Spain, the Spanish Data Protection 

Agency (www.aepd.es).

8. Modifications to the Privacy Policy

TESA reserves the right to modify this Privacy Policy as a result of new data processing activities, the modification of existing ones, as well as due to new legislative or regulatory requirements, security reasons, or to adapt the Privacy Policy to instructions eventually issued by data protection authorities or new processes.

TESA takes the necessary measures to communicate any changes to this Privacy Policy and will publish any updates to our privacy policies on the Website. Moreover, in the event of significant changes, TESA will duly inform Clients through the Website to provide them with the opportunity to review the changes and, if necessary, accept them before they become effective.