UNION

Privacy notice - Subject Access Request

ASSA ABLOY AB will process your personal data regarding your request relating to the management of your personal data in the following way.

What personal data will ASSA ABLOY process in connection with your request and why?

We will store and use:

(a) your contact information in order to be able to communicate with you regarding your request,

(b) the information you provide us with in relation to your request,

(c) information required to be able to verify your identity (such as copy of identification documentation, employee number or customer number) and

(d) additional personal data required to respond to your request.

On what ground will ASSA ABLOY use your personal data?

Our collection and processing of your personal data is based on the requirement to fulfil the legal obligation to respond to a subject access request in accordance with Regulation (EU) 2016/679 (GDPR) and other applicable data protection laws and regulations.

Transfer of personal data

Transfer of your data may occur to the following categories of recipients, to the extent necessary to fulfil your request:

(i)  authorities

(ii)  other companies in the ASSA ABLOY Group that requires access to such information in order for us to respond to your request and

(iii)  external service supplier or cooperation partner who execute services on our behalf. Service suppliers and cooperation partners may only process personal data according to our instructions.

If transfer of data to authorities, other companies in the ASSA ABLOY Group or service providers outside the EU/EEA is relevant, it will be executed in accordance to applicable data protection legislation and only for the purposes stated above. This kind of transfer is normally based on the European Commission’s standard contractual clauses.    

For how long will ASSA ABLOY store your personal data?

We store personal data which is processed in connection with your request for eighteen (18) months after our final response has been sent.

If we answer your request and it does not lead to further communication, we delete personal data collected and processed in connection to your request within three (3) months.

Information and access rights

Right to access and rectification

You have the right to request access to the personal data relating to you. This includes the right to be informed whether or not personal data about you is being processed, what personal data is being processed, and the purpose of the processing. You also have the right to rectify or add personal data if the personal data is inaccurate or incomplete. As soon as we become aware of any inaccurate personal data being processed, we will correct the concerned personal data as soon as possible and notify you accordingly.

Right to erasure

You may request that your personal data be erased for example in the following situations:

  • if the personal data is no longer necessary for the purposes for which it was collected, 
  • if you object to the processing of personal data where we do not have an overriding legitimate interest, 
  • if the processing is unlawful, or 
  • if the personal data has to be erased to enable us to comply with legal requirements. 

If you have any questions about your right to erasure, please contact the Data Protection Manager (DPM) (please see below for contact details). Please note that we may reject your request if the processing is permitted or required according to law or any other relevant legal ground.

Right to object

You are entitled to object to our use of your personal data where we base the processing on our legitimate interest. If you object, we will no longer process your personal data unless we can show that we have compelling legitimate grounds for the processing that overrides your interests or rights and freedoms or if we need it to establish, exercise or defend legal claims.

Right to restriction

You can request us to restrict the processing of your personal data in the following situations:

  • if the processing is no longer necessary for the purposes for which it was collected or processed,
  • if you withdraw your consent for the use of data that we base on your consent,
  • if you believe the personal data may not be correct,
  • if you believe that the processing is unlawful, or
  • if we process your personal data based on our legitimate interest, where we do not have an overriding interest in relation to your privacy interest.

Right to Data Portability

If you request access to personal data about you that you yourself have provided and if the personal data is being processed automatically and/or in accordance with a contract between you and ASSA ABLOY, you may request that the data is provided in a structured, commonly-used and machine-readable format and you may also request that the personal data is transferred to another controller, if this is technically possible.

In certain circumstances, we may need to restrict the above rights to safeguard public interests and/or our interests. ASSA ABLOY AB, Reg. no 556059-3575 is responsible for the processing of your personal data, and requests to exercise your rights as stated above shall be addressed to gc.privacy@assaabloy.com or ASSA ABLOY AB, Attn: ASSA ABLOY DPM, Box 703 40, SE-107 23 Stockholm.

If you have a complaint regarding the processing of your personal data by ASSA ABLOY you are entitled to report such dissatisfaction to the supervisory authority for the personal data processing of ASSA ABLOY, Datainspektionen.

 

Privacy Notice, version 1.1, April 26 2019