Data protection and data security in the Smart Home

The following applies to servers, operating devices and actuators, as well as all Smart Home devices used in the home: Data protection and technical data security are particularly important issues that must be handled appropriately. Smart Home projects always involve sensitive personal data that you as an installer can access – like the number of residents, when they are at home and when they are out, user behaviour and frequently also camera images in which people are visible. Thanks to our years of experience, we can help you with all your questions and tasks relating to data protection and data security.

  • Gira online seminars on data protection and data security
  • Solutions for the secure Smart Home
  • An increasing number of Gira products meet the KNX Secure Standard
  • With the S1, the customer network can be accessed via the VPN
  • Gira contact persons for electricians

Our recommendations for greater data security

Protecting personal data, safeguarding technical systems – we have summarised the most important things you need to keep in mind regarding these two topics. With this knowledge, you will be well prepared for your next Smart Home project. For the contractual protection of personal data, you can download a template to be used as a supplement to the contract. From a technical standpoint, there is also a lot that can be done to protect data and networks. And we are also happy to support you personally.

Encrypted communication through KNX Secure

Get important security standards built in with the product itself by choosing KNX Secure capable devices.

Use secure passwords

The axiom holds just as true for a Smart Home as for any computer or smartphone: Strong passwords are a basic condition for security.

Update regularly

For security purposes, it is important that the technology is always up to date. The device and system software is regularly optimised by Gira.

Inform customers about data protection

Give your customers comprehensive information about the important topic of data protection and data security.

Use contracts to protect privacy

Intelligent building technology also involves sensitive personal data to which you, as the installer, have access. Address this issue with the customer.

Consider data security in cost calculation

Hardware and programming costs for data security within the network should be taken into account when calculating costs.

Group network into VLAN segments

An important method for increasing security is to divide the data network into mutually protected zones.

Prevent unauthorised access

Ensure increased security and provide a secure method of external access for your customers.

You can find more information about the Gira S1 here.

Observe safety standards for wireless networks

Wireless networks (WLAN) can also be well protected. But significantly higher safety standards are essential.

KNX Secure

Smart, but secure: the KNX Secure Standard in the Smart Home.

The more connected and digitalised our daily life becomes, the greater the need to protect smart installations from tampering and attacks. This is why we recommend Gira KNX Secure. We have integrated the world’s first manufacturer- and application-independent security standard for smart buildings into many of our products for more data security in the Smart Home.

How KNX Secure works.

KNX Secure extends the KNX IP protocol so as to reliably safeguard transmitted data (KNX IP Secure). It also protects the classic KNX protocol using encryption and authentication. The security mechanisms take effect as soon as the KNX system is started up via the ETS. Subsequently, during operation, data communication is protected against unauthorised access, tampering and eavesdropping.

Highlights, facts and benefits


  • High level of security in the KNX installation, for each individual system
  • Protection from unauthorised access to the installed KNX Secure devices by third parties.
  • Protection from eavesdropping of data communication between KNX Secure devices.
  • Cross-manufacturer standard for interoperability with other KNX products.
  • Secure and non-secure communication can be combined on a single device.

Attend trainings and always be up to date

Systems and requirements change, existing standards are revised, new ones are created. On the subject of security, it is vital to be always up to date and to be aware of the latest developments. Regularly attend training seminars on the subject in order to keep well informed. The Gira seminars give you a good overview of the subject in a very condensed form.

Secure remote access to the Smart Home, including via VPN

With the Gira S1, users can connect easily and reliably to their KNX Smart Home or Gira Alarm Connect security system when they are on the move. Thanks to the new VPN connection, the Gira S1 now offers an additional way of securely accessing the customer’s system remotely. This allows you to control and maintain network devices easily and securely while on the move, including telephone systems, camera systems, networks and other systems.

Highlights, facts and benefits

  • Easy, fast and stress-free setup of VPN access to a home network.
  • An additional way of securely connecting to the customer’s system.
  • Also allows remote maintenance of telephone systems, camera systems, networks and more.
  • Users can access their home’s data independently while on the go.
  • Send push notifications to the Gira Smart Home App
  • Full KNX Secure support, including secure tunnelling connection between Gira HomeServer and Gira S1.