ABLOY BEAT CUMULUS - Product Privacy Notice
Abloy Oy (“we”, “us” or “our”) are committed to protecting and respecting End User’s (“you”, “your” or “yours”) (who use/benefit from the service) privacy. The details of our processing of your personal data when using ABLOY BEAT CUMULUS Solution (“Service”) are described in this Product Privacy Notice. This Product Privacy Notice describes our practices regarding personal data collected through our interconnected system, “Service” which provides functionalities through:
ABLOY BEAT CUMULUS Mobile Application ("App") - used for interacting with the system & Locking devices.
ABLOY Keyless Cloud Platform ("Platform") - responsible for data storage, processing, and analysis.
ABLOY Keyless Locking Devices ("Devices") - collect and transmit data to the Platform and App.
As you utilize this Service, various personal information will be processed by us to be able to provide the Service. We, as the Service Provider, and/or Data Processor operate and manage the Service on behalf of the company using the Service integrally as part of their business hereinafter referred to as “Platform Owner” in this Product Privacy Notice. For the majority of the collected and processed personal data the Platform Owner determines the purpose and otherwise controls the processing instead of us and thus acts as the Data Controller. This policy only defines the data processing activities that we act as the Data Controller of your data.
For Processing Purposes listed below We act as the Data Controller who determines the purposes and means of the data processing activities. For all other processing purposes and related functionality offered in the Service we act as Data Processor hosting and managing the Service on behalf of the Platform Owner. This Privacy Notice only sets out the data processing activities We act as the Data Controller of your data. In all other instances not described in this notice, Platform Owner will act as the Data Controller for processing your personal data. The Platform Owner as the Data Controller will have their own Privacy Policy which you should read to understand their views and practices regarding data you submit through the Service.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
For the purpose of data protection legislation, the Data Controller for the data described in this policy is Abloy Oy, at following address; Wahlforssinkatu 20, 80100, Joensuu, Finland and with Business ID 0774324-5.
Personal data we collect from you and uses made of your personal data
In some limited instances as described below we may be the entity responsible for the processing and act as Data Controller.
Where practical, we anonymize or statistically aggregate the information we collect.
| Processing Purpose | Personal Data/Categories | Lawful Basis | Retention Time |
|---|---|---|---|
| To administer the Service, ensure reliability, and correct faults with the Service | User ID Organisation ID Access token Device ID |
Legitimate Interest | 3 years |
| To identify aspects of the Service which could be improved, ensure quality | Device battery level, free disk, free memory and locale Support ID if submitted by user (optional) |
Legitimate Interest | 3 years |
Data Processing for Audit Trails and Data Recovery: We collect and store user data to maintain audit trails and assist with data recovery upon request. The audit trails include login attempts, access times, and other system activity data. |
User ID Device ID |
Legitimate Interest | 3 years |
| To secure and protect against malicious attempts, identify, and prevent fraud or other unlawful activity | IP address and the location data derived from the IP address User ID Application ID Invitation code |
Legitimate Interest | 3 years |
| To ensure that content is presented in the most effective manner for you and for your phone | Features you interact with while using the Service. Device manufacturer type and model Device operating system and version |
Legitimate Interest | 3 years |
| To provide you latest updates regarding the improvements of our services | Device operating system and version | Legitimate interest | 3 years |
| To provide geolocation and geofencing features | Accurate location data | Legitimate interest | 3 years |
| Billing data | User ID Application ID |
Legal obligation | 7 yrs |
| To be able to analyze and test our Service by doing research, collect surveys and producing statistics, crash analytics | Analytics data, relying on cookie technologies regarding usage of our services IP address Crash data that contains a short log of events that occurred in the run up to a crash Support ID if submitted (optional) The information you submit in the feedback form or survey Device battery level, free disk, free memory and locale |
Consent | 18 months |
In more detail, we have collected the following categories of personal information from end users within the last twelve (12) months where a ‘YES’ is indicated in the relevant category. The Platform Owner (Data Controller) could be processing additional categories for which we are not the responsible organization.
| Category | Examples | Collected |
|---|---|---|
| A. Identifiers. | A real name, alias, telephone number, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name | YES |
| F. Internet or other similar network activity | Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement | YES |
| H. Sensory data | Audio, electronic, visual, thermal, olfactory, or similar information. | YES |
For clarity, we do not collect data you submit to the Service, or receive from it, as part of our monitoring activities. Only the act of submitting or receiving is recorded. For example, we may record that you entered information into a particular form field, but not the information itself or we may record that you ran a particular report, but not the resulting details of the report.
We reserve the right to collect and store system integrity-related data, even if the user has not yet been presented with or responded to the latest version of the privacy terms and conditions. Consent will be requested once the product transitions from offline mode to online mode
Retention Periods for Your Information
All personal data is collected and subsequently stored on our platform for a maximum period of 3 years. In accordance with legal and regulatory requirements, billing data will be retained for seven (7) years.
Sharing and Disclosure of personal Information
We take your privacy seriously and does not monetize your personal information. Certain states of the USA such as California and Nevada define the “sale” of data broadly, including the sharing of data with third parties. Under CCPA using cookie related technologies to collect usage analytics from our end users may be defined as a “sale”. This section describes the “sharing, disclosing, selling” of personal information.
We do not sell your personal data to third parties. However, we may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
We may transfer your personal data for the purposes set out above, to a relevant ASSA ABLOY group entity. ASSA ABLOY group entities may also receive or gain access to personal data when rendering ASSA ABLOY group internal services.
To third party business partners who provide services connected to the purposes defined above.
Analytics providers who supply us with services for collecting and analyzing feedback and usage information.
Our customers, channel partners or their agents with whom you have engaged in a business contract.
We will disclose your personal information to third parties:
In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
If we are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
If we are under a duty to disclose or share your personal data in order to comply with law or any other legal obligation, or in order to enforce or apply our terms of use or terms and conditions of supply and other agreements; or to protect the rights, property, or safety of us, our customers, or others.
We may transfer personal data outside of the EU/European Economic Area (“EEA”). If We use the EU/EEA standard contractual clauses approved by the European Commission to ensure a sufficient level of protection of your personal data if personal data from a country in the EU or EEA is transferred to a country outside the EEA, and for which the EU commission has not issued an adequacy decision. You may obtain a copy of the standard contractual clauses used for these transfers by sending a request to us. We receive the right to remove commercial or insignificant information from such a copy. These standard contractual clauses, as well as further information on international data transfers can be found here.
Security
We maintain reasonable security measures (including physical, electronic, and administrative) to protect personal data from loss, destruction, misuse, and unauthorized access or disclosure. For example, we limit access to personal data to authorized employees and contractors who need to know the information in the course of their work tasks.
We take your safety and security very seriously and we are committed to protecting your personal information. All information you provide to us is stored on secure servers. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our Service, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Please be aware that, although we endeavor to provide reasonable security measures for personal data, the transmission of information via the internet is not completely secure. No security system can prevent all potential security breaches.
Your rights
Data protection legislation gives you the right to access, rectify or erase information held about you. Your right of access can be exercised in accordance with the data protection legislation. You can exercise these rights at any time by emailing us privacy@abloy.com.
Where processing of your personal data is based on consent, you can withdraw consent at any time. You are entitled to the following:
to ask for an access to your personal data that has been processed by us
to ask us not to process your personal data where it is processed on the basis of legitimate interests provided that there are no compelling reasons for that processing;
to ask us not to process your personal data for scientific or historical research purposes, where relevant, unless the processing is necessary in the public interest;
to ask for the information we hold about you to be rectified if it is inaccurate or incomplete;
to ask for data to be erased provided that the personal data is no longer necessary for the purposes for which it was collected, you withdraw consent (if the legal basis for processing is consent), you exercise your right to object, set out below, and there are no overriding legitimate ground for processing, the data is unlawfully processed or the data needs to be erased to comply with a legal obligation;
to ask for the processing of that information to be restricted if the accuracy of that data is contested, the processing is unlawful, the personal data is no longer necessary for the purposes for which it was collected, or you exercise your right to object (pending verification of whether there are legitimate grounds for processing); and
to ask for data portability if the processing is carried out by automated means and the legal basis for processing is consent or contract.
The Regulator
If you have a complaint regarding our processing of your personal data, you are entitled to report this to the relevant Data Protection Authority.
If you are based in the EU/EEA Area, we designate the Finnish Data Protection Authority will be the supervisory authority for the processing of your data. You may report your complaint to the Finnish Data Protection Authority, Lintulahdenkuja 4, 00530 Helsinki. Details of the Finnish Data Protection Authority can be found here.
If you are based outside of EU/EEA area, you may report your complaint to the Data Protection Authority in your country.
Links
This Notice may, from time to time, contain links to and from external websites. Please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Changes to our privacy policy
Any changes we make to our privacy policy in the future will be posted on the relevant section of our Service. Please check back frequently to see any updates or changes to our privacy policy.
Contact
Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to privacy@abloy.com.
Last updated May 15, 2024