Privacy Notice – Marketing

General

This document describes the processing of personal data in Abloy Oy’s marketing. This privacy notice provides the data subject and the supervisory authority with the information required by the European Union’s General Data Protection Regulation (GDPR) (679/2016).

Controller and contact details

Name: Abloy Oy
Postal address: Wahlforssinkatu 20, 80100 Joensuu, Finland.
Telephone (exchange): +358 20 599 2501
Business ID: 0774324-5
Email address: firstname.lastname@example.org

This email address is to be used only for addressing matters related to data protection. For all other matters, the correct contact information can be found at www.abloy.com.

Whose data is processed?

The data subjects are Abloy Oy’s potential customers, present customers and stakeholders.

What is the purpose and legal basis for processing personal data?

The processing of personal data for marketing purposes is based on the consent of the data subject or on the legitimate interest of the controller in marketing communication aimed at Abloy Oy’s customers.

Personal data groups of the data subject: Potential customers, present customers and stakeholders
Purpose of processing a data group: Marketing consents obtained via the website: electronic direct marketing (newsletters, reference stories, etc.), events and subscription to the Abloy magazine. Analysing the data subject’s expression of interest and developing electronic marketing materials based on this analysis.
Basis of data processing: Consent or legitimate interest of the controller in marketing communications aimed at customers

What personal data is processed?

Personal data group: Potential customers, present customers and stakeholders
Data content:
- First name and last name
- Title / item
- Industry
- Company name
- Company’s place of business
- Address
- Email address
- IP address
- Statistics on downloaded content
- Statistics on use of Abloy’s website
- Statistics on the content of and response to Abloy’s sales promotion tool: opening and using content
- Statistics relating to forms filled out on Abloy’s website and relating to information given on the forms
- Telephone number
- Photo and written statement from reference customers' contact persons
- Cookies

How is personal data collected?

The data stored on the data subject is data provided by the data subject him- or herself. In addition, user data on systems is collected in the register, such as IP addresses, cookies, and content download details.

Who will the data be transferred to?

Recipient: Service provider
Purpose of the disclosure: Supplier of the marketing automation system for the purposes of maintenance, support and use of the system
Grounds for the disclosure: Data processing agreement

Recipient: Service provider
Purpose of the disclosure: Supplier of the sales automation system for the purposes of maintenance, support and use of the system
Grounds for the disclosure: Data processing agreement

Recipient: Advertising agencies
Purpose of the disclosure: Marketing tasks under controller’s assignment
Grounds for the disclosure: Data processing agreement

Recipient: Companies belonging to ASSA ABLOY group
Purpose of the disclosure: Administration for web sites
Grounds for the disclosure: Data processing agreement

Is personal data processed outside the European Union?

Web site contents (i.e. www.abloy.com & www.abloy.fi), data provided in the forms on these web sites and in marketing tools are accessible by an ASSA ABLOY partner located in India only to the extent necessary for the provisioning of these services.

The data in the www.abloy.com website is also locally processed by Abloy's sales companies in the following non-EU located companies and countries:

Abloy LLC - Russia
Abloy (Shanghai) Security & Safety Equipment Co Ltd - China
ASSA ABLOY Kilitleme Sistemleri San. ve Tic. Ltd. Sti. - Turkey
Abloy Colombia S.A.S - Colombia
Representative office of Abloy Oy in Ukraine & other CIS - Ukraine, Belarus, Kazakhstan

If transferring data outside the EU or EEA, Abloy uses the standard contractual clauses adopted by the European Commission in order to protect the data.

What are the storage periods for personal data?

The data collected in the register will be kept for as long as necessary, and to the extent necessary, for fulfilment of the original or compatible purposes for which the personal data was collected.

Personal data groups: Potential customers, present customers and stakeholders
Storage time: Your consent can be withdrawn at any time, and the processing of your personal data will end once you withdraw your consent. The consent given is valid for a maximum of 6 years, and before the period of validity expires the data subject will be asked for their consent to continue processing of their data. The data subject’s data is deleted from the register, unless new consent is received to the effect that processing of the subject’s data can continue.

What are data subject’s rights?

Right of Access

The data subject is entitled to obtain confirmation from the controller as to whether the personal data of the data subject is being or has been processed. If the data controller processes the personal data of the data subject, the latter is entitled to the information of this document, as well as to a copy of the personal data that is being or has been processed. If a data subject makes a request electronically and has not requested any other form of delivery, the data will be provided in a generally available electronic format that is compatible with secure delivery of the data.

Right to Correct or Delete Data

The data subject has the right to ask the controller to correct or delete his or her own personal data.
Under certain circumstances, the data subject has the right to request processing of their personal data to be restricted, or to otherwise oppose processing of the data. In addition, the registrar may request the transfer of data submitted by the data subject themselves in a machine-readable form based on the General Data Protection Regulation.

Direct Marketing

A data subject is entitled to prohibit the processing of their personal data for direct marketing purposes.

The Right to Withdraw Consent

If the personal data is processed based on the consent of the data subject, the data subject has the right to withdraw their consent at any time, without this affecting the lawfulness of the data processing that has taken place before the data subject withdrew their consent.

How can data subjects exercise their rights?

In all matters involving the processing of personal data, data subjects have the right to contact the controller. All requests mentioned in the present document must be submitted to the above-mentioned contact point of the controller. Data subjects also have the right to file a complaint with the supervisory authority if their personal data is or has been processed unlawfully.

How is personal information protected?

Abloy Oy processes personal data safely and in compliance with the applicable legislation. Protection of personal data by Abloy Oy is adequate both technically and organisationally. The data is stored in locked premises that are accessible only to authorised persons. Personal data stored in the systems is accessible only to pre-designated persons who need the information for work-related tasks. IT environments are protected by adequate firewalls and other forms of technical protection. With regard to the processing of personal data, Abloy Oy’s employees and other persons must abide by their obligation of secrecy and must handle personal data confidentially.

Updating Privacy Notice

We will update and change this privacy notice when necessary.
We will notify you of such changes on Abloy’s website at https://www.abloy.com/en/site-functions/privacy-centre/privacy-notices/.

This privacy notice was made on: 21st May 2018.
This privacy notice was last updated on: 15th January 2019.