Privacy Notice – Customers

General

This document describes the processing of personal data in Abloy Oy’s sales and customers management. This privacy notice provides the data subject and the supervisory authority with the information required by the European Union’s General Data Protection Regulation (GDPR) (679/2016).

Controller and contact details

Name: Abloy Oy
Postal address: Wahlforssinkatu 20, 80100 Joensuu, Finland.
Telephone (exchange): +358 20 599 2501
Business ID: 0774324-5
Email address: privacy@abloy.com

This email address is to be used only for addressing matters related to data protection. For all other matters, the correct contact information can be found from www.abloy.com.

Whose data is processed?

The data subjects are representatives of Abloy Oy’ s potential customers, present customers, private persons and representatives of other partners.

Customer is a company purchasing products directly form Abloy or from its distributors and it’s partners participating to the design and purchase process of the company for example architects, consultant and construction engineers.

For more information on how we process the personal data of Abloy authorized locksmiths, please see the privacy notice in ABLOY CORE portal.

What is the purpose and legal basis for processing personal data?

The processing of personal data is based on the legitimate interest of the controller. Personal data is processed for purposes of fulfilling the agreements between Abloy Oy and s customer, order and delivery processing and for other purposes relating to sales.

Personal data groups of the data subject

Purpose of processing a data group

Basis of data processing

Basic data of the representative

Fulfilment of agreements, communication relating to agreements, development of co-operations

Customer communications

Deliveries

Commercial offers

Orders and logistics

System design

Reclamations

Invoicing

Debt collection

Customer service requests

Information system access right management

Data controller’s legitimate interest to perform customer agreements

Private customers

Deliveries

Orders and logistics

Invoicing

Reclamations

Debt collection

Agreement between the data subject and data controller 

Partners

Access right management for the door environment design tool

Realisation of design, definitions and sales process of customers assignments

 

 

Data controller’s legitimate interest to perform customer agreements

All customer groups

Customer surveys, provide you with recommendations and adapted services

Promotional games and draws

Customer surveys, providing you with recommendations and adapted services: Data controller’s legitimate interest to develop its business; the data subject’s consent to participate in possible further discussions

Promotional games and draws: the data subject’s consent to participate; data controller’s legitimate interest to deliver the prize

Proof of giving consent: legal obligation
Information of Employees from Customer or Partners relating to the webshop Delivery, handling, archiving the order Contract

What personal data is processed?

Personal data group

Data content

Representative’s basic data

Name

Title

Position

Email address

Phone number

Company name and customer number

Company email address

Address

Country

Partners basic data

Name

Title

Position

Email address

Phone number

Company name and customer number

Company email address

Address

Country

Private individuals data

Name

Email address

Phone number

Address

Customer surveys

Information necessary to determine the survey population, such as geographical location, industry, title.

Email address for sending the survey or phone number for a telephone interview.
Promotional games and draws

Email address
Contact details of the winner necessary to deliver the price

 

Information of Employees from Customer or Partners relating to the webshop Name, contact information such as address, email address, phone number and billing and shipping address.

How is personal data collected?

The personal data is collected from the data subject him/herself, representative of the data subject’s employer or public sources for example company internet pages, company registers, credit rating services or public information sources relating to construction.

In Yale consumer reclamation process, the service provider of Yale consumer support discloses a description of the defect and ticket number to Abloy.

Who will the data be transferred to?

Recipient

Purpose of the disclosure

Audit service provider

Auditing of the operations and quality

Authorities

Auditing of the operations and quality

Auditors

Auditing of the operations and quality

Agreement between controller and service provider Debt collection

Services providers

Authorisation card data is transferred to the card manufacturer for manufacturing the card.

Freight forwarder Delivery of products
Companies within the ASSA ABLOY group IT Operations and services connected to the above purposes
Service providers To companies acting as data processors which provide services connected to the above purposes 

 

Companies within the ASSA ABLOY group

Is personal data processed outside the European Union?

Service support requests containing personal data can be used by ASSA ABLOY EMEA’s IT support in India. If transferring data outside the EU or EEA, Abloy uses the standard contractual clauses adopted by the Commission in order to protect the data.

 

What are the storage periods for personal data?

The data collected in the register will be kept for as long as necessary, and to the extent necessary, for fulfilment of the original or compatible purposes for which the personal data was collected.

Personal data groups

Storage time

Customers representatives or employees data

For the duration of the co-operations  and  six years after end of the co-operations

Personal data in invoicing

Invoicing information is stored for six years form end of the calendar year during which financial year has ended

Authorisation card personal data Authorisation card data is stored for three years from the end of the card’s validity
Personal data of consumer and other private persons

Data regarding the reclamation process of Yale products is stored for six years after the termination of the process.

 

Data regarding the product orders by private persons is stored for six years after the termination of the ordering process.
Information related to customer surveys

The list of email addresses is retained for as long as is necessary to carry out the survey.

 

If the data subject has given their consent to carrying out further discussions with Abloy, the email address provided by the customer is retained for as long as is necessary to organise the discussions, however not longer than for 2 years from when the survey ended, unless the data subject withdraws their consent before this.

If the responses to a customer survey may be associated with an individual, the responses provided are retained for 2 years from the end of the survey. Aggregate data that is no longer associated with an individual can be kept longer.

Please note that email addresses collected from Abloy’s CRM system are retained in the CRM system even after this in accordance with the above.
Promotional games and draws

The email address provided by the data subject and other possible contact details provided by the winner are retained until the prize has been delivered.

Proof of consent

Proof of consent are retained for 3 years from the date when the processing subject to the consent ended, unless retention is required after this for example for the establishment, exercise or defence of legal claims.

Information of Employees from Custom-er or Partners relating to the webshop  6 years from the end of the year during which the order was made.

What are data subject’s rights?

Right of Access

The data subject is entitled to obtain confirmation from the controller as to whether the personal data of the data subject is being or has been processed.

If the data controller processes the personal data of the data subject, the latter is entitled to the information of this document, as well as to a copy of the personal data that is being or has been processed.

If a data subject makes a request electronically and has not requested any other form of delivery, the data will be provided in a generally available electronic format that is compatible with secure delivery of the data.

Right to Correct or Delete Data

The data subject has the right to ask the controller to correct or delete his or her own personal data.

Under certain circumstances, data subjects have the right to request processing of their personal data to be restricted, or to otherwise object to the processing of data. In addition, data subjects may request the transfer of data submitted by the data subjects themselves in a machine-readable form based on the General Data Protection Regulation.

Providing consent is always optional and the data subject can withdraw their consent at any time by notifying the controller.

How can data subjects exercise their rights?

In all matters involving the processing of personal data, data subjects have the right to contact the controller.

All requests mentioned in the present document must be submitted to the above mentioned contact point of the controller.

Data subjects also have the right to file a complaint with the supervisory authority if their personal data is or has been processed unlawfully.

How is personal information protected?

Abloy Oy processes personal data safely and in compliance with the applicable legislation. Protection of personal data by Abloy Oy is adequate both technically and organisationally.

The data is stored in locked premises that are accessible only to authorised persons. Personal data stored in the systems is accessible only to pre-designated persons who need the information for work-related tasks. IT environments are protected by adequate firewalls and other forms of technical protection

With regard to the processing of personal data, Abloy Oy’s employees and other persons must abide by their obligation of secrecy and must handle personal data confidentially.

Updating Privacy Notice


We will update and change this privacy notice when necessary. We will notify you of such changes at Abloy’s www-site https://www.abloy.com/en/site-functions/privacy-centre/privacy-notices/.


This privacy notice has been updated: 18 August 2020, 15 October 2020 and 30 September 2021
This privacy notice has been made:  21st May 2018.