Privacy Notice for ASSA ABLOY Opening Solutions

ASSA ABLOY is committed to protecting your personal data. This privacy notice describes:

  • The types of personal data we collect from you;
  • How we use that information and why;
  • Who we share it with and where;
  • How long we store it for;
  • Your rights, including how you can contact us if you have additional questions about the processing of your personal data; and
  • How we can make changes to this notice.

ASSA ABLOY Opening Solutions Sweden AB, 556034-3161 of KUNGSGATAN 71, 632 21, Eskilstuna as “data controller” is responsible for the processing of your personal data.

Questions and answers

Definitions

Terms

Definitions

Personal data

Any information relating to an identified or identifiable natural person.

 

Processing

 

Any operation or set of operations which is performed on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage etc.

Legal ground

The grounds that enable PUA to process personal data.

Controller

 

The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Processor

 

A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Third party

A natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

 

Third country

Country outside of  EU/EEA.

Supervisory authority

An independent public authority which is established by a Member State to monitor compliance with GDPR. In Sweden this is Datainspektionen.

 

Data Protection Manager (DPM)

Role within ASSA ABLOY to promote compliance with GDPR. DPM is appointed at Group level, division level and regional level.

Data Processing Agreement (DPA)

Agreement between PUA and PUB in cases where PUB processes personal data on behalf of PUA.

Customer B2B

It refers to a legal person or contact person of a legal person whose personal data we process in connection with the purchase of our products and services, e.g. retailer, licensed customer, product recipient.

Customer B2C

It refers to the natural person whose personal data we process in connection with the purchase of our products and services, e.g. In-Home Service Consumer.

Potential customer

It refers to a natural or legal person whose personal data we process in connection with the marketing of our products and services.

Supplier

It refers to a natural or legal person whose personal data we process in connection with them performing a job or delivering a service to us, for remuneration, eg consultant, contact person

Test individuals

It refers to a natural person whose personal data we process in connection with conducting tests of our products and services, e.g. beta testers

Recruitment candidate

It refers to a natural person whose personal data we process in connection with them applying for a position at our company.

Visitor

It refers to a natural person whose personal data we process when they visit one of our premises.

What personal data will we collect?

Customers B2B

Purpose

Personal data

Legal ground

Retention period

Administrate training and certification where ASSA ABLOY Opening Solutions Sweden is controller, and also keep and on request supply the data subject with copies of diploma and certificate

Name

Email address

Phone number

Company

Results

Performance of a contract, the data is necessary for us to fulfill obligations in a contract, if the contract was entered into with the data subject 

Legitimate interest, when concerning a contact person at a customer who is controller. Our interest in administrating training and certification outweighs the data subject’s interest in not having their personal data processed for thos purpose. 

During the training + 3 years

Manage data subject’s rights according to GDPR

Name

Identifier

Legal obligation, the data is necessary for us to fulfill obligations according to swedish law 

During the case + 10 years

Manage personal data breaches according to GDPR

Name

Email address

Phone number

Legal obligation, the data is necessary for us to fulfill obligations according to swedish law 

During the case + 10 years

Manage financial information

Name

Email address

Phone number

Company

Registration number

Legal obligation, the data is necessary for us to fulfill obligations according to swedish law 

During the financial year to which the data refers + 7 years

Administrate credit reports sole traders for the purpose of assessing the suitability of the firm in connection to any ASSA certification, whereby the financial stability of the firm constitutes an element

Name

Email address

Phone number

Company

Financial data

Registration number

Legitimate interest, 

our interest in being able to make financial risk assessments in connection to certifications outweighs the data subject's interest in not having their personal data processed for this purpose. In addition, the processing can be said to be in the data subject's interest in cases where certification is issued.

Deleted directly after decision

Administrate business partner controls in order to assess their suitability in connection with possible business relationships

Name
Company commitment
Information appearing when searching in screening databases

Legitimate interest or legal obligation, depending on whether or not the obligation to assess business partners follows from EU or Swedish law or not  

During the contract period or from business decision + 10 years

Manage dept collection for sole traders

Name

Email address

Phone number

Company

Registration number

Legitimate interest, our interest in being able to get paid for our claims outweighs the data subject's interest in not having their personal data processed for this purpose

Until payment is recieved + 3 months

Administrate complaints/claims (where ASSA ABLOY Opening Solutions Sweden is controller)

Name

Email address

Phone number

Legitimate interest, When concerning a contact person at a customer who is controller.  Our interest in being able to manage claims and improve our products outweighs the data subject's interest in not having their personal data processed for this purpose

During the case + 1 year

Manage testing and troubleshooting where ASSA ABLOY Opening Solutions Sweden is controller

Name

Email address

Phone number

Performance of a contract, the data is necessary for us to fulfill obligations where the data subject is the customer

Legitimate interest, When the customer is a company. Our interest in being able to manage claims and improve our products outweighs the data subject's interest in not having their personal data processed for this purpose

While testing or troubleshooting are ongoing

Administrate helpdesk matters

Name

Email address

Phone number

Legitimate interest - When concerning a contact person at a customer who is controller.

Our interest in administrating helpdesk matters outweighs the data subject's interest in not having their personal data processed for this purpose

During the contract period + 6 month

Manage NDA's

Name

Legitimate interest 

Our interest in ensuring no disclosure outweighs the data subject's interest in not having their personal data processed for this purpose

During the contract period + 10 years

Administrate licenses to be able to give customer, e.g. locksmith, access to systems with high security levels.

Name

Social security number

Phone number

Email address

Company

Legitimate interest, When concerning a contact person at a customer who is controller. Our interest in administrating customer licenses outweighs the data subject's interest in not having their personal data processed for this purpose

During the license period + 1 year

Administrate order processing

Name

Email address

Phone number
Address

Legitimate interest, When concerning a contact person at a customer who is controller. Our interest in administrating orders outweighs the data subject's interest in not having their personal data processed for this purpose

During the contract period + 3 years

Enable delivery of goods to end users/consumers

Name

Email address

Phone number
Address

Legitimate interest, Our interest in being able to deliver goods outweighs the data subject's interest in not having their personal data processed for this purpose

Delivery + 10 years

Contact existing customers (B2B) with news letters and marketing, who have not requested the information/signed up for mailings

Name

Email address

Address

Company

Legitimate interest, Our interest in being able to inform our customer about news and/or changes in our products outweighs the data subject's interest in not having their personal data processed for this purpose

If the data subject has requested the information: From opt-out + 1 year (mailings will cease immediately)


If the data subject has not requested the information: During contract period + 1 year

Administrate events

Name

Email address

Phone number

Special diets

Legitimate interest, If it concern obligations toward companies or our employees, our interest in being able to conduct events for visitors/employees outweighs the data subject's interest in not having their personal data processed for this purpose

Consent, 
in case participant lists are to be saved for a longer period than specified here  

During the event + 1 month

To market our company on our external web

Name

Company

Picture

Legitimate interest, If it concern obligations towards companies or our employees, our interest in being able to market our company outweighs the data subject's interest in not having their personal data processed for this purpose

During the campaign + 3 month

Administrate customer quotations (B2B)

Name

Email address

Phone number
Company

Legitimate interest, Our interest in processing this information to promote an efficient bidding process outweighs the data subject's interest in not having their personal data processed for this purpose

During the validity period of the quote + 6 month or according to confidentiality agreement in procurement

Administrate customer agreements (B2B)

Name

Email address

Phone number

Company

 

Legitimate interest, When concerning a contact person at a customer who is controller. Our interest in administrate customer agreements outweighs the data subject's interest in not having their personal data processed for this purpose

During the contract period + 10 years

Manage market research to contact persons at customers

Name
E-mail
Company
Position
Survey responses
Possibly indirect identifiers in the reports
Information regarding whether the person concerned has been asked to participate in the survey

Legitimate interest, Our interest in being able to research new business opportunities outweighs the data subject’s interest in not having their personal data processed for this purpose  

Contact information, position, company affiliation and information about invite to the survey: During the contract persiod + 10 years

 

Reports: From the point of receiving the report + 1 year

For access, maintenance and development of the company's IT environment

Name

User name

Legitimate interest, Our interest in being able to handle access, maintenance and development of the company's IT environment outweighs the data subject’s interest in not having their personal data processed for this purpose 

for as long as it is necessary for the purposes

 

 

Customers B2C

Purpose

Personal data

Legal ground

Retention period

To provide, manage and support the In-Home Service

Name
home address
email address
phone number
Insurance details information on your digital lock

Any additional information you share with us

Performance of contract insofar as the processing is required to fulfill the contractual obligations (e.g. guarantees) towards the data subject. 

During the contract period + 10 months  

To market our services e.g. through the mobile application, text messages and emails

Name
home address
email address
phone number
Any additional information you share with us

Legitimate interest, our interest in being able to market our company outweighs the data subject's interest in not having their personal data processed for this purpose

From the time of collection or last contact + 1 year

To prevent fraud and other abuse

Name
home address
email address
phone number
Insurance details information on your digital lock

Any additional information you share with us

Legitimate interest, our interest in being able to prevent fraud and other abuse outweighs the data subject's interest in not having their personal data processed for this purpose

During the contract period + 10 years

To establish and defend legal claims

Name
home address
email address
phone number
Insurance details information on your digital lock

Any additional information you share with us

Legitimate interest, our interest in being able to establish and defend legal claims outweighs the data subject's interest in not having their personal data processed for this purpose

During the contract/warranty period + 10 years

Manage data subject’s rights according to GDPR

Name

Identifier

Legal obligation, the data is necessary for us to fulfill obligations according to swedish law 

During the case + 10 years

Manage personal data breaches according to GDPR

Name

Email address

Phone number

Legal obligation, the data is necessary for us to fulfill obligations according to swedish law 

During the case + 10 years

Manage financial information

Name

Email address

Phone number

Company

Registration number

Legal obligation, the data is necessary for us to fulfill obligations according to swedish law 

During the financial year to which the data refers + 7 years

Administrate complaints/claims

Name

Email address

Phone number

Legitimate interest, When concerning a contact person at a customer who is controller.  Our interest in being able to manage claims and improve our products outweighs the data subject's interest in not having their personal data processed for this purpose 

During the case + 3 year

Administrate customer agreements

Name

Email address

Phone number
Address

Performance of contract insofar as the processing is required to fulfill the contractual obligations (e.g. guarantees) towards the data subject. 

During the contract period + 10 years 

 

 

Potential customers

Purpose

Personal data

Legal ground

Retention period

Manage data subject’s rights according to GDPR

Name

Identifier

Legal obligation, the data is necessary for us to fulfill obligations according to swedish law 

During the case + 10 years

Manage personal data breaches according to GDPR

Name

Email address

Phone number

Legal obligation, the data is necessary for us to fulfill obligations according to swedish law 

During the case + 10 years

Administrate marketing mailings to contact person at potential customers (B2B), who have requested the information/signed up for mailings

Name

Email address

Address

Company

Legitimate interest, Our interest in being able to conduct marketing outweighs the data subject's interest in not having their personal data processed for this purpose

From opt-out + 1 year (mailings will cease immediately)

Administrate an initial marketing mailing/campaign to contact person at potential customer (B2B), who have not requested the information/signed up for mailings

Name

Email address

Address

Company

Legitimate interest, Our interest in being able to conduct marketing outweighs the data subject's interest in not having their personal data processed for this purpose

From the point of collection + 1 month until first contact, then 2 month

Manage market research to contact persons at potential customers

Name
E-mail
Company
Position
Survey responses
Possibly indirect identifiers in the reports
Information regarding whether the person concerned has been asked to participate in the survey

Legitimate interest, Our interest in being able to research new business opportunities outweighs the data subject’s interest in not having their personal data processed for this purpose  

Contact information, position, company affiliation and information about invite to the survey: During the contract period + 3 months

 

Reports: From the point of receiving the report + 1 year

 

 

Suppliers

Purpose

Personal data

Legal ground

Retention period

Manage data subject’s rights according to GDPR

Name

Identifier

Legal obligation, the data is necessary for us to fulfill obligations according to swedish law 

During the case + 10 years

Manage personal data breaches according to GDPR

Name

Email address

Phone number

Legal obligation, the data is necessary for us to fulfill obligations according to swedish law 

During the case + 10 years

Manage financial information

Name

Email address

Address

Company
Registration number

Legal obligation, the data is necessary for us to fulfill obligations according to swedish law 

During the financial year to which the data refers + 7 years

Manage purchasing of goods and services

Name

Email address

Phone number

Legitimate interest, Our interest in being able to procure new suppliers outweighs the data subject's interest in not having their personal data processed for this purpose

Delivery + 10 years

Manage procurement

Name

Email address

Phone number

Legitimate interest, Our interest in being able to procure new suppliers outweighs the data subject's interest in not having their personal data processed for this purpose

Contract award decision + 6 months

 

 

Test individuals

Purpose

Personal data

Legal ground

Retention period

Documentation to be able to manage beta testing

Name

Email address

Phone number

Address

Legitimate interest, Our interest in being able to perform beta testing outweighs the data subject's interest in not having their personal data processed for this purpose

During test period + 2 years

Manage data subject’s rights according to GDPR

Name

Identifier

Legal obligation, the data is necessary for us to fulfill obligations according to swedish law 

During the case + 10 years

Manage personal data breaches according to GDPR

Name

Email address

Phone number

Legal obligation, the data is necessary for us to fulfill obligations according to swedish law 

During the case + 10 years

 

 

Recruitment candidates

Purpose

Personal data

Legal ground

Retention period

Manage data subject’s rights according to GDPR

Name

Identifier

Legal obligation, the data is necessary for us to fulfill obligations according to swedish law 

During the case + 10 years

Manage personal data breaches according to GDPR

Name

Email address

Phone number

Legal obligation, the data is necessary for us to fulfill obligations according to swedish law 

During the case + 10 years

Receive, evaluate and decide on job applications

Name

Email address

Phone number
Social security number
 + CV and personal letter

Performance of contract, the data is necessary for us to be able to fulfill obligations in employment contracts and collective agreements 

During recruitment + 2 years

 

 

Visitors

Purpose

Personal data

Legal ground

Retention period

Manage data subject’s rights according to GDPR

Name

Identifier

Legal obligation, the data is necessary for us to fulfill obligations according to swedish law 

During the case + 10 years

Manage personal data breaches according to GDPR

Name

Email address

Phone number

Legal obligation, the data is necessary for us to fulfill obligations according to swedish law 

During the case + 10 years

Manage camera surveillance (CCTV) to secure our premises

Picture

Legitimate interest, Our interest in securing our premises outweighs the data subject's interest in not having their personal data processed for this purpose

From the time of the recording + 30 days

To administrate visits to our premises

Name

Phone number

Company

Legitimate interest, Our interest in processing this information to be able to inform the person who recieves a visit, and to be able to know who is on our premises outweighs the data subject's/visitors interest in not having their personal data processed for this purpose. In case of fire, we also need to be able to produce an evacuation list

During the visit + 24 hours

Protection of personal data

ASSA ABLOY Opening Solutions Sweden has taken appropriate technical and organizational measures to protect your personal data and to prevent your personal data from being used for illegal purposes or being disclosed to unauthorized persons.

Our employees, and our data processors and sub processors are obligated to follow our internal guidelines for data protection.

Who and where is your personal data transferred to?

We may transfer your personal data for the purposes set out above:

  • To other companies within the ASSA ABLOY group
  • To suppliers that provides services within market research
  • When required by law; and/or
  • To a buyer or a potential future buyer of our business.

Processors

ASSA ABLOY Opening Solutions Sweden may in some cases use processors who provide services for us, e.g. IT services and security solutions. In these cases, we undertake to have personal data processor agreements with all processors and that these processors comply with the Data Protection Regulation (GDPR).

 

Third country 

ASSA ABLOY Group has companies located in countries outside the EU/EEA. As in some cases these countries have a lower level of protection than that within EU/EEA, when transferring personal data to countries outside the EU/EEA we use standard contractual clauses approved by the European Commission to ensure a sufficient level of protection for your personal data. These Standard Contractual Clauses can be found via the following link: https://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm

Your rights

In relation to the personal data that we hold about you, you have the right to:

  • Request a copy of your personal data from our records;
  • Ask that we correct or erase your personal data (though this may mean that we cannot process requests or orders, or that your account expires);
  • Ask us to stop processing your personal data (for example as regards the use of the data to improve our website), or restrict how we process it (for example if you deem the data to be incorrect);
  • Request the personal data used to provide you with information you requested, process an order, or manage your account or our relationship in a machine readable format, which you are entitled to transfer to another data controller; and
  • Withdraw your consent to us processing your data for marketing purposes at any time.

We may not accept a request to erase your personal data where we require it to comply with a legal obligation or in relation to a legal claim.

 

Requests to exercise your rights should be addressed to "Att: ASSA ABLOY DPM” on our contact page.

 

If you have a complaint regarding our processing of your personal data you are entitled to report this to relevant supervisory authority or to the supervisory authority where you live or work if different.

How can we make changes to this privacy notice?

We may update this privacy notice from time to time in response to changing legal, regulatory or operational requirements. When we make changes that are not just linguistic or editorial, you will get clear information about the changes.