Information Sheet under the EU Data Act
pursuant to Regulation (EU) 2023/2854 (Data Act)
Art. 3(2) and Art. 3(3)
| Company | SOREX Wireless Solutions GmbH |
|---|---|
| Website | sorex.eu |
| Status | 16 January 2026 |
| Validity | Applicable as of 12 September 2025 (Data Act applicability; design obligations for new products apply as of 12 September 2026) |
This information sheet supplements the privacy policy and contractual documents (e.g.
T&Cs / SLA). Its purpose is to inform users, prior to contract conclusion and during use,
about the data generated in connection with connected products and related services,
as well as access and data-sharing options.
1. Affected Products (Connected Products)
This information sheet applies to the following connected access control systems /
smart-lock components from SOREX (examples, depending on the product portfolio):
- smart Unilock
- smart Unilock+
- SOREX keypads, cylinders, door handles, key turners (if connected via
app/cloud/API)
| Product name | SKU |
|---|---|
| codepad fingerprint pro (metal) | ACKPP1BL |
| smart unilock mini | WRULM10111 |
| smart unilock | DO501000 |
| smart unilock 2.0 | DO502000 |
| smart yuki | KTSUK10000 |
| unilock lite | WRULL11000 |
| smart cylinder fingerprint | MD406000 |
| smart handle max pro black | BP103020 |
| smart handle max pro silver | BP103010 |
| smart handle code black | BH101020 |
| smart cylinder code | WZ101000 |
| net Gateway Wi-Fi | WG101000 |
| remote opener | SB101000 |
| door sensor | BS101000 |
| code pad | WP101000 |
| wired opener | WF101000 |
| net Gateway LAN | WG102000 |
| smart cylinder fingerprint 1.0 | MD406010 |
| net getway wifi 5G | ACNGWWFI2 |
| smart cylinder fingerprint 2.0 | CLSCF0101 |
| smart cylinder code 2.0 | WRSMS10111 |
| Unilock 3.0 | WRUNI41111 |
| Unilock smart switch | WRSMS10111 |
| Smart Unilock+ | DO502000 |
HotelPro and TTRenting require a paid subscription. The core functionality of all other product lines is free of charge.
2. Related Service (“Plus Mode”)
Where a digital service is used that exchanges data with the smart lock or extends its functionality (e.g. app-based remote access, remote administration, notifications, integrations via open API), this generally qualifies as a “related service” within the meaning of the Data Act.
Examples include app-based access management, open API integration concepts, and remote functions (e.g. via Wi-Fi with smart Unilock+ or via netGateway).
3. Roles and Definitions
• User: End customer, system administrator, and authorized users
• Data Holder: SOREX (insofar as SOREX can access data or processes data via a related service)
• Optional Third Party (Data Recipient): A recipient designated by the user (e.g. smart-home or building management system providers)
4. Types of Generated Data (Product Data / Related-Service Data)
4.1 Access and Event Data
• Timestamp of the event
• Event type (e.g. access attempt, door opened/closed, doorbell event)
• Authentication method (e.g. fingerprint, code, RFID, app/Bluetooth)
• Result/status (successful/failed) and any error code
• Device/component ID (e.g. Unilock, gateway) and optional location identifier (if configured)
4.2 System and Diagnostic Data
• Firmware/software version
• Operating status (online/offline), connection type (Bluetooth/Wi-Fi/gateway)
• Error messages, restarts, update events
4.3 Configuration and Integration Data
• User/role management (IDs/designations), schedules, permissions
• Integration/API events (e.g. webhooks/notifications), if used
Note: The Data Act applies to readily available data, including metadata required for interpretation and use. Complex proprietary analytics or inferred data may fall outside the mandatory scope, unless such data is already available as product or service data.
5. Scope, Frequency, and Estimated Data Volume
Data generation is typically event-based (access and system events). Continuous real-time generation may occur depending on the function (e.g. live video/intercom with Unilock+). Gateways and Wi-Fi locks maintain long-term TCP connections to the server via heartbeat signals. Smart door viewer locks and doorbell products generate video/audio streams when video is viewed.
Estimated sizes for typical JSON events (excluding video/audio):
| Event type | Typical size per event | Notes |
|---|---|---|
| Access event | 0.6 – 1.5 KB | Timestamp, method, result, device ID |
| System/diagnostic event | 0.4 – 1.2 KB | Status, error codes, versions |
| API/integration event | 1 – 3 KB | Webhook/API call metadata |
Illustrative estimates:
- Private use: ~20 accesses/day → approx. 4–11 MB/year
- Commercial use: ~300 accesses/day → approx. 65–330 MB/year
Actual values depend on configuration, usage intensity, enabled functions, and integrations.
6. Storage (On-Device / Remote) and Retention Periods
Depending on the product and configuration, data may be stored locally (on-device) and/or remotely (e.g. cloud/server).
Typical storage:
• Credentials (fingerprints, codes, RFID): stored locally and retained even during power loss
• Access logs/events: stored locally (ring buffer) and/or remotely (app/cloud), depending on “Plus Mode” and settings
Logging is enabled by default and cannot be disabled.
Retention:
• Local lock storage: typically up to ~1,000 entries (model-dependent)
• Cloud storage: up to 6 months (not configurable)
• Doorbell video recordings: 7 or 30 days, depending on the cloud plan
7. Format, Accessibility, and Technical Means
Data access methods:
• SOREX Smartlock App: viewing, export, and administration
• Open API: machine-readable integration with building or smart-home systems
Data format:
• Structured, machine-readable: JSON (API, webhooks, exports)
Online documentation is available at: https://euopen.sciener.com (online only, not exportable). Other datasets can be exported in Excel format.
API manual: https://support.sorex.eu/hc/de/articles/33548153842077-SOREX-API-Manual
Interface terms / QoS: Currently, no specific commitments or policies are defined.
8. User Rights (Access, Download, Third-Party Sharing)
Users have the right to receive product and related-service data free of charge, download it, and—upon request—have it transmitted to a third party. Data will be provided without undue delay and at the same quality level.
How to exercise these rights:
• In-app: use export and data-sharing functions (if available)
• Alternatively: email request to office@sorex.eu, including product/serial number and proof of admin rights
• Web portal: https://sorex.eu/sorex-smartlock-web
Deletion:
• Device data can be deleted by resetting the device
• Cloud data can be deleted or cleaned, but retention periods cannot be shortened
• Records can be selected and deleted in batches after confirmation
9. Access by SOREX and Third Parties
Access principles:
• Users: access their own data via app/API
• SOREX: access only where technically or contractually required (e.g. support, operation of the related service), following data-minimization principles
• Third parties: only upon explicit user request/authorization
Only authorized users may access devices and data. All access is logged. AES encryption and HTTPS are used.
10. Use of Data
Product data is typically used for:
• Operation and functional reliability of the smart lock
• Fault analysis, maintenance, and support
• User administration (e.g. permissions, schedules)
SOREX does not use data for advertising purposes without a valid legal basis or consent. Personal data is additionally subject to the GDPR; the Data Act does not provide an independent legal basis.
11. Trade Secrets and Security
To protect trade secrets and security requirements, SOREX may require appropriate safeguards (e.g. NDAs, technical access restrictions), without unreasonably hindering Data Act access. No trade-secret data is included.
12. Contract Duration / Termination of the Related Service
There is currently no contract and no specific policies or descriptions in place.
13. Right to Lodge a Complaint
Users may lodge a complaint with the competent national authority in case of suspected violations of the Data Act. For GDPR-related matters, the Austrian Data Protection Authority (DSB) is responsible. As of 16 January 2026, the Austrian Data Act enforcement authority / Data Coordinator has not yet been formally designated. SOREX will update this information once officially established.
14. Contact
SOREX Wireless Solutions GmbH
Technology and Research Center WN
Viktor-Kaplan-Straße 2B
2700 Wiener Neustadt, Austria
Tel.: +43 2622 320130
Email: office@sorex.eu
Support hours: Mon–Thu 09:00–16:00, Fri 09:00–14:00
Freitag: 09:00 - 14:00
