DATA PRIVACY STATEMENT

ASSA ABLOY and its Affiliates provides this Privacy Statement (hereafter, “Notice”) in order to demonstrate ASSA ABLOY’s commitment to privacy. ASSA ABLOY recognizes the importance of safeguarding Personal Data. “Personal Data” means any information relating to an identified or identifiable natural person and shall be construed in accordance with Data Protection Legislation.

This Notice applies solely to information collected and processed by ASSA ABLOY on behalf of the Customer and are included in the instructions given by the Customer being the controller of the processing of Personal Data.

PERSONAL DATA WE PROCESS

ASSA ABLOY collects, processes, and retains the following categories of personal data about End Users, on behalf of the Customer:

• Name/Surname
  
• Contact details (e.g. email, cell phone)
• Description (e.g. job title)
• Username, User ID, credentials
• Communications preferences
• Roles and permissions
• Access Policies/Groups
• Device information including unique identifiers such as serial number
• Asset information (e.g. name of asset) associate with users
• Asset attributes (e.g. year, model, Vehicle Identification Number/Chassis number etc.)
• Alert policies and events
• Photos (not processed for Biometrics)
• Reports e.g. Asset Transactions for example key return for an asset, User transactions a person performed against assets, cabinets etc. (Reports are customizable by customer)
• Anonymous usage statistics and metrics derived from user/asset information/transactions
• Credentials (PIN, Swipe, Fob)
• Technical log information, such as error codes for troubleshooting

SPECIAL CATEGORY OR SENSITIVE DATA WE PROCESS

WHEN enabled by customer, ASSA ABLOY collects, processes, and retains the following categories of special category or sensitive data about End Users, on behalf of the Customer:

• Biometric Credentials (fingerprint)
  
• Biometrics template information (Special category data)

REASONS WE SHARE PERSONAL DATA 

ASSA ABLOY will not disclose to a third party (except to its sub-processors subject to Clause 6.7) or use Personal Data other than as set forth in this Notice without first obtaining documented permission from Customer. ASSA ABLOY does not sell Personal Data processed on behalf of Customer to third parties.

DISCLOSURE REQUIRED BY LAW

ASSA ABLOY may cooperate with law enforcement agencies in identifying End Users committing illegal activities. Therefore, ASSA ABLOY will respond to subpoenas, warrants, or other court orders regarding information concerning any End User. ASSA ABLOY will, at ASSA ABLOY’s discretion, disclose information, including Personal Data, if ASSA ABLOY reasonably believes that ASSA ABLOY is required to do so by law, that such disclosure is necessary to protect ASSA ABLOY from legal liability, or that ASSA ABLOY should do so to protect the integrity of the Supplies. ASSA ABLOY will inform Customer of that legal requirement before processing to the extent reasonably possible, unless the law prohibits such information.

HOW TO ACCESS & CONTROL PERSONAL DATA

Upon request, ASSA ABLOY will assist the Customer’s account administrators for the Supplies with the fulfillment of the Customer’s obligation to respond to End User’s requests for access to Personal Data. If an End User wishes to request access to his or her Personal Data processed by ASSA ABLOY on behalf of Customer, the End User should contact the Customer. The Customer has primary responsibility for interacting with End Users in relation to Personal Data processed on Customer’s behalf, and the role of ASSA ABLOY is generally limited to assisting the Customer as needed.

DATA SECURITY

ASSA ABLOY will take reasonable steps to protect the Personal Data that ASSA ABLOY collects from loss, misuse and unauthorized access, disclosure, alteration and destruction. ASSA ABLOY trains employees on its Notice guidelines and makes the Notice available to its business partners. In addition, ASSA ABLOY and its business partners enter into confidentiality agreements that require care and precautions be taken to prevent loss, misuse, or disclosure of Personal Data. Any service providers only use Personal Data to perform services on behalf of ASSA ABLOY or its Affiliates. It is important for the Customer and End Users to protect against unauthorized access to their account access credentials and to their account, which holds Personal Data of the Customer and End User(s).

In addition, ASSA ABLOY takes precautions to protect Personal Data processed by ASSA ABLOY. ASSA ABLOY uses industry-standard security measures, such as firewalls and encryption technology that are reasonably designed to safeguard the confidentiality of Personal Data. ASSA ABLOY also periodically conducts security reviews and assessments. ASSA ABLOY stores Personal Data on secured servers and only authorizes access to certain authorized personnel.

TRANSFER OF PERSONAL DATA

ASSA ABLOY may transfer Personal Data to companies that help provide the Supplies. Transfers to third parties (for example, ASSA ABLOY’s hosting providers) are covered by a sub-processing agreements with ASSA ABLOY or its Affiliates. For additional information, please see the Clause titled “Data Security” above. Customer will be notified via email and/or a prominent notice on ASSA ABLOY’s site or application of any change in uses of Personal Data, as well as any choices the Customer may have regarding Personal Data.

ASSA ABLOY may also disclose Personal Data as set forth in the “Reasons we share Personal Data” and “Disclosures Required by Law” Clauses above.

DURATION OF PROCESSING

ASSA ABLOY shall store the Personal Data as long as the Supplies are in use by the Customer and for a period of the current year for the ending of the use of the Supplies + two following calendar years. After such period, ASSA ABLOY shall delete or render un-identifiable all Personal Data processed on Customer’s behalf unless otherwise required or permitted by law.

OBLIGATIONS UPON TERMINATION

After termination or expiry of Customer’s license to use the Supplies, ASSA ABLOY shall delete or render un-identifiable all Personal Data processed on Customer’s behalf within the Supplies unless otherwise required or permitted by law.

NOTICE CHANGES

This Notice may be updated from time to time as Supplies change and expand. ASSA ABLOY suggests that the Customer reviews the Notice periodically. If ASSA ABLOY amends the Notice, the new Notice will apply to Personal Data previously collected by ASSA ABLOY only insofar as the rights of the individual affected are not reduced.

CHILDREN’S PRIVACY

ASSA ABLOY recognizes the privacy interests of children and ASSA ABLOY encourages parents and guardians to take an active role in their children’s online activities and interests. The Supplies is not intended to be used by children under the age of 18. ASSA ABLOY does not target its Supplies to children under 18.

Contact Us: privacy.globalsolutions@assaabloy.com