Vendor Privacy Notice
1. Who is responsible for the processing of your personal data?
This Vendor Privacy Notice ("Notice") applies to the ABB Group of companies, which means the ABB company that is communicating with you or to which you are providing goods or services (referred to as "ABB" or "we") is responsible for the processing of your personal data and controls how it is used, in accordance with this Notice.
Other subsidiary companies of ABB may also receive and process your personal data, either in the capacity of controller or processor and this Notice applies equally to them.
2. What types of personal data does ABB collect and use?
ABB collect and use personal data that concerns you in connection with your work assignment and the services you are providing under the work assignment/statement of work directly to ABB and the agreements to be entered into between ABB and the relevant vendors. In particular, ABB may collect the following categories of personal data:
- Identification data and business contact information you share with us, such as first name, last name, job/position/title, nationality, business email address, business address, telephone number, mobile telephone number, telefax number, private telephone number, gender, date of birth;
- Additional information you provide to us in the course of our business relations or work assignment such as data concerning the fulfilment of our contractual obligations and pre-contractual measures including correspondence data, offers, tenders, resume/CV, conditions, contract and order data, invoices, payments, business partner history, records relating to queries/questions/complaints/orders, driving license number, vehicle license plate, ID/passport number;
- Expense-related information made to the individual vendor, such as bank statements, payment details, transactions, expense claims and receipts, bank account details, and credit card data;
- Electronic identification data and information collected by the communications systems, IT applications and website browser (where the relevant vendor has access or is affected by such systems or applications and in accordance with the applicable law) such as information technology usage (system access, IT and internet usage), device identifier (mobile device ID, PC ID), registration and login credentials, IP address, login data and log files, Analytics ID, time and URL, searches, website registration and cookie data, sound recordings (e.g. voice mail/phone recordings, Skype recordings); and
- Other personal data where you or others (such as your colleagues) may register these data on or in our systems, programs, and applications, such as business documents containing personal information (e.g., queries, questions, complaints, orders, and related records, emails, reports, contracts, presentations, minutes, work products), photos, images and/or videos.
3. Why does ABB use your personal data?
The use of your personal data provided during the procurement process will be limited to a need basis and shared only with the employees and third parties that are directly involved in the vendor procurement and the performance of the rights and obligations of ABB and you under the vendor agreement. All of the personal data being collected by ABB and defined under this Notice will be used for the following purposes and on the following lawful bases:
- ABB may process your personal data for the fulfillment of contractual obligations resulting from contracts with you or your company or as part of pre-contractual measures we take, including without limitation for the following activities:
  - supplier and service provider management throughout the supply chain, including contact interaction such as tendering, engagement, processing orders, process and fulfillment of purchases, administration and management of suppliers, vendors, contractors, advisers and other professional experts;
  - paying debts, supplier invoice and payment management for the purchase of direct and indirect services as well as payment collection and insolvency processes;
  - contract lifecycle management and management of process quality; and
  - to contact and coordinate with you for the purpose of supervising and/or managing the relationship between you and ABB, or in case of emergency;
- In some cases, ABB process your personal data on the basis of statutory requirements, for example, on the basis of tax and accounting or reporting obligations, relating to the vendor and supplier management;
- In some cases, ABB rely on our legitimate interests to process your personal data insofar as this is not overridden by your own privacy interests. Such interests may include:
  - conduct, management, development and furtherance of our business in the broadest sense possible including supply of products and services, performance of agreements and order management with suppliers, process and fulfilment of purchases, process quality management and improvement of products or services, analytics and market intelligence, reduction of default risks in our procurement processes and reorganization, acquisition and sale of activities, business divisions and companies;
  - monitor, investigate and ensure compliance with legal, regulatory, standard and ABB internal requirements and policies;
  - prevent fraud and criminal activity including investigations of such activity, misuse of ABB assets, products and services, and as strictly necessary and proportionate for ensuring network and information security;
  - maintain and protect the security of products, facilities, services, systems, networks, computers and information, preventing and detecting security threats, and fraud or other criminal or malicious activities;
  - manage IT resources, including infrastructure management including data back-up, information systems’ support and service operations for application management, end user support, testing, maintenance, security (incident response, risk, vulnerability, breach response), user accounts management, software licenses assignment, security and performance testing and business continuity; and
  - transmitting personal data within the ABB group for internal administrative purposes as necessary for example to provide centralized services.
ABB collect only the personal data from you that ABB need for the purposes described above. For statistical purposes, improvement of our services and testing of our IT systems we use as much as reasonably possible anonymized data. This means that these data can no longer (in)directly identify you or single you out as an individual.
4. How long does ABB keep your personal data?
ABB only keep your personal data for as long as necessary for the purposes described in this Notice. In general, personal data is kept for the duration of the contractual relationship and for a minimum period (typically between 5-10 years after the termination of the contract) or for a longer period if required by local laws and regulatory requirements.
Through the settings of our IT applications and policies, we ensure that your personal data is deleted when we no longer need it.
5. What happens if you do not provide us with the information we had asked you for or if you ask us to stop processing your information?
Where it concerns processing operations related to the agreements with our vendors (as described above), ABB will not be able to adequately establish, conduct or terminate a business relationship with you or your company and generally perform the purposes described above without certain personal data. Although we cannot obligate you to share your personal data with us, please note that this then may have consequences which could affect the business relationship in a negative manner, such as not being able to take requested pre-contractual measures to enter into a contract with you or to establish and continue the business relationship you have asked for.
6. Parties we share your personal data with (in and outside the EU and EEA or outside the country where the ABB company that controls your data is located)
ABB only share your personal data with other ABB affiliates or third parties as necessary for the purposes described below, and only to the extent necessary to fulfill the relevant purposes defined under the scope of the data processing agreement to be entered into between ABB and the relevant third parties:
- ABB affiliates (inside or outside of Europe) who provide any vendor and procurement services to the affiliates;
- ABB customers, distributors, agents and business partners for the purpose of project placements, carrying out audits, reviews and regulatory checks, customer relationship management and travel and expense management;
- Other service providers being engaged by ABB to provide IT services, professional and advisory services including accountants, auditors, lawyers, insurers, bankers, recruiters, travel agents and other advisors working on ABB’s behalf;
- Potential or actual acquirers of ABB businesses or assets for the purpose of the business assets evaluation; and
- Government authorities that ABB is obliged under the applicable laws or the government order / judgment to disclose or share the relevant data subject to such authority.
We only share your personal data with other ABB affiliates or third parties as necessary for the purposes described in this Notice. Where we share your personal data with an affiliate or third party so that it is transferred to or becomes accessible from outside the European Union (“EU”) and the European Economic Area ("EEA") or outside the country where the ABB company that controls your data is located, we always put adequate safeguards in place to protect your personal data. Examples of these safeguards are an adequacy decision of the European Commission or Standard Contractual Clauses. We have taken additional measures for the transfer of data from within to outside the EU, EEA and outside the country where the ABB company that controls your data is located to protect your personal data. If you would like an overview of the safeguards which are in place, please submit a request at www.abb.com/privacy.
7. Which data protection rights do you have with regards to your personal data?
ABB respect your statutory rights under the applicable laws that you may have over your personal data as follows: (a) the right to correct any error in your personal data or update it; (b) the right to access your personal data and receive a copy of your personal data that ABB hold; (c) the right to delete your personal data that ABB no longer have a lawful ground to use; (d) the right to port your personal data to a new data processor (if applicable); (e) the right to object to the processing of your personal data based on the legitimate interests grounds; (f) the right to suspend the use of your personal data by ABB whilst a complaint, or your exercise of the right to object or delete, is being investigated; or (g) the right to withdraw consent, whenever ABB have asked for your consent for processing of your personal data.
Please note that the rights described above are not absolute, and that your request cannot always be met entirely. For example, sometimes we cannot delete or restrict the processing of your personal data as we may have legal obligations or contractual obligations to keep certain personal data.
8. Contact and further information
If you want to access your personal data, make use of any of your other rights mentioned above or if you have any questions or concerns about how ABB processes your personal data, please contact our Group Data Protection Officer at privacy@abb.com, or submit your complaint at www.abb.com/privacy.
Should you not be satisfied with our response or believe we are processing your personal data against the law, you may also have the right to file a complaint with the Data Privacy Authority in your country of residence or work, or seek a remedy through the courts where you believe an infringement of data privacy laws may have taken place.
9. Updates to this document
This Privacy Notice may be updated from time to time as a result of required developments. In case of such updates, we will undertake necessary actions to inform you about them depending on the importance of the changes made. If and where required by applicable laws, we will also ask for your consent to any material Privacy Notice changes describing our up-to-date practices.
Please check the “date of publication” to see when this Privacy Notice was updated.
Date of publication: March 4, 2024