Customer and Business Partner Privacy Notice

1. Who is responsible for the processing of your personal data?

This Customer and Business Partner Privacy Notice ("Notice") applies to the ABB Group of companies, which means ABB Ltd, Switzerland and each entity in which ABB Ltd, Switzerland, directly or indirectly, has a majority holding or owns or controls the majority of voting rights.

The ABB company that is providing services or communicating to you , is responsible for the processing of your personal data and controls how it is used.

Other subsidiary companies of ABB (collectively referred to as “ABB”) may also receive and process your personal data, either in the capacity of controller or processor and this Notice applies equally to them. A list of these ABB Group companies can be found on the ABB website (https://new.abb.com/privacy-policy/subsidiaries).

In your case, ABB AG, Kallstadter Straße 1, 68309 Mannheim, Germany, or any respective company affiliated with ABB AG pursuant to §§ 15 ff. of the German Stock Corporation Act (Aktiengesetz – AktG), hereinafter referred to as “ABB”, "we" or "us", is responsible as the "controller" of your personal data within the meaning of the EU General Data Protection Regulation (“GDPR”) and the Federal Data Protection Act (Bundesdatenschutzgesetz – “BDSG”) for the processing of your personal data in accordance with this Notice.

You can contact our data protection officer as follows:

ABB AG
Konzerndatenschutzbeauftragter
Kallstadter Str. 1
68309 Mannheim
privacy@abb.com

2. Which of your personal data do we collect and process?

We collect and process personal data that we receive from you either as a result of your registration to receive marketing information or in the course of our business relations, in particular on the basis of any kind of contractual relationship with you or your company (hereinafter: “you”) or as a result of your contact enquiry, specific pre-contractual enquiry or registration for a specific event to us via our websites, by e-mail or telephone or at a trade fair, roadshow or other event (hereinafter also referred to as "enquiry"). In addition and to the extent legally permitted, we may obtain personal data from publicly accessible sources (e.g. commercial and association registers, press, internet) or which are legitimately transmitted by other third parties (e.g. event organizers, credit agencies, etc.).

In general, we collect and use the following categories of personal data:

  • The business contact information you share with us:name, title, job title, email address, business address, telephone number, mobile telephone number, gender, date of birth, employee number, passport number, travel visa information, etc.
  • Additional information you provide to us in the course of our business relations, such as:interests in ABB products, marketing preferences, registration information provided at events, webinars, fairs, contract or order data, invoices, payments, business partner history, data concerning the fulfilment of our contractual obligations and pre-contractual measures including marketing activities, correspondence data, offers, tenders, insurance data, records relating to queries/questions/complaints/orders, customer feedback, interview and assessment/,training records, customer/consumer ID, product usage data and preferences, etc.
  • Electronic identification data and information collected by the communications systems, IT applications and website browser, such as: IP address, the source of your site visit, webpage views and time spent on the website or a particular page, links clicked, comments shared, emails opened, browser type, date and time of visit, device identifiers (mobile device ID, PC ID etc.), cookies, digital alias/signature, registration and login credentials, tracking/analytics data.

The below mentioned types of personal data are only collected and processed, if at all, in accordance with applicable local laws in your country of residence.

  • Data about criminal convictions and offences, such as: criminal background information and sanction list information to the extent required for the purposes of criminal background screening and Know Your Customer (“KYC”) and Anti Money Laundering (“AML”) obligations.
  • To the extent necessary to fulfil our obligations, data obtained from publicly accessible sources or which are legitimately transmitted by other third parties (e.g. a credit agency):commercial register data, association register data, creditworthiness data.

3. Why do we process your personal data?

We process your personal data primarily for the purpose of establishing the business contact with you that you have requested. In this regard, we may process your personal data to conclude and execute orders and contracts with you, to deliver our services and products and to carry out pre-contractual measures upon your request within this business relationship. Furthermore, your personal data will be stored in our ABB-Group CRM Database for the processing purposes mentioned in this Notice.

In this sense and as part of our business relationship, you need to provide us with certain personal data, which is necessary to establish, conduct and terminate a business relationship with you, required for the fulfilment of the contractual obligations associated with it or which we are legally obliged to collect. Without such personal data, we will not be able to enter, execute or terminate a contract with you or to take the requested pre-contractual measures to enter into a contract with you. If you do not provide us with the necessary personal data, information and documents, we cannot establish or continue the business relationship you have requested.

Additionally, we process your personal data on the basis of your registration to receive marketing-related information or any other request on your part (e.g. via the Internet, by e-mail or telephone or at a trade fair or product event) for direct marketing purposes. Your personal data enables us to understand your interest in our products, to develop our business relationships with you and to provide you with the information you request.

With your consent and to provide you with tailored marketing communication and advertisement and send you personalized messages, we will also use automated methods to build a profile based on data that we have obtained as described in this notice such as the number of ABB webpage views, opened emails, your webinar registrations and the recent interaction and activities with ABB. In case you would like to be provided with more information about the automated methods to build a profile, you can request that by submitting a request at www.abb.com/privacy. You have the right to withdraw your consent at any time with effect for the future and to object to profiling activities by submitting a data subject request at www.abb.com/privacy.

We may use your personal data as described above for the following purposes:

  • processing and fulfilling orders, delivering services and keeping you informed about the status of your or your company’s order;
  • providing and administering our products and services;
  • processing quotation offer and managing the customer relationship including providing customer and product support and process, evaluate and respond to requests and inquiries, contract lifecycle management, and capturing personal data of potential customers in our case management systems for future communications;
  • conducting and facilitating customer satisfaction surveys, marketing campaigns, market analysis, sweepstakes, contests, or other promotional activities or events;
  • conducting marketing and sales activities (including generating leads, pursuing marketing prospects, performing market research, determining and managing the effectiveness of our advertising and marketing campaigns and managing our brand and communicating about new business projects);
  • sending you marketing communications by post, telephone, text, email and other digital methods about products and services (such as alerts, promotional materials, newsletters, etc.);
  • analyzing personal data to provide with relevant marketing offers and information, ensure accuracy of customer contact information.
  • conducting customer trainings and courses
  • reporting and data analytics such as market research, trend analysis, financial analysis, customer segmentation and profiling of customers in order to improve the customer experience with ABB and provide better and more personalized content including market intelligence and development and improvement of services or products through assessment and analysis of the information;
  • communicating with Business Partners about products, services and projects of ABB or Business Partners, e.g. by responding to inquiries or requests;
  • travel arrangement, ticket and workflow management, fleet management;
  • reorganization, acquisition and sale of activities, business units and companies;
  • management of process quality and insurance management;
  • carrying out audits, reviews and regulatory checks to meet obligations to regulators;
  • governance, risk and compliance, including due diligence and Anti Money Laundering (“AML”) obligations, customs and global trade compliance and sanctioned party list screening, security, including prevention, detection of crime and fraud;
  • maintaining and protecting the security of products, facilities, services, systems, networks, computers and information, preventing and detecting security threats, and fraud or other criminal or malicious activities; and
  • managing IT resources, including infrastructure management including data back-up, information systems’ support and service operations for application management, end user support, testing, maintenance, security (incident response, risk, vulnerability, breach response), user accounts creation and management, software licenses assignment and management, security and performance testing and business continuity, monitoring access to systems, downloads.

We collect only the personal data from you that we need for the purposes described above. For statistical purposes, improvement of our services and testing of our IT systems we use as much as reasonably possible anonymized data. This means that these data can no longer (in)directly identify you or single you out as an individual.

4. On which legal basis do we process your personal data?

We process your personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG), in particular according to one of the following legal bases, as applicable:

  • If and to the extent we process your personal data for the fulfilment of contractual obligations resulting from contracts concluded with you or your company, or as part of pre-contractual measures at your request, the legal basis for such data processing is 6 (1) b) GDPR;
  • If and to the extent we process your personal data on the basis of legal obligations, statutory requirements or administrative orders, for example, on the basis of tax control or reporting obligations, cooperation obligations with authorities or statutory retention periods or the disclosure of personal data within the scope of official or judicial measures for the purposes of taking evidence, prosecution or enforcement of civil, criminal and administrative law claims, the legal basis for such data processing is 6 (1) c) GDPR;
  • We will ask for your consent and provide you more detailed information in the consent declaration for the activities described in this Notice when required by applicable law, especially for the following purposes of processing of your personal data as also described further in detail in your Declaration of Consent:
    • If and to the extent we process your personal data in exceptional cases without an existing business relationship with you for direct marketing purposes, we require your consent pursuant to 6 (1) a) GDPR as legal basis for such data processing.
    • If and to the extent we send you marketing information by electronic mail, such as tailored marketing communication, personalized messages or newsletters, we require a further consent from you in accordance with 7 (2) No. 3 UWG (the Unfair Competion Act - Gesetz gegen den unlauteren Wettbewerb).
    • If and to the extent we use automated methods to build a profile based on your personal data that we have obtained from your interactions and activities with ABB as described in this Notice for direct marketing purposes, we require your consent for such profiling activities in accordance with 22 (2) c) GDPR.

You may of course withdraw such consent at any time with effect for the future according to Art. 7 (3) GDPR by submitting a request for withdrawal of consent at www.abb.com/privacy or by clicking on the „unsubscribe“ link integrated in the respective e-mail.

  • If necessary, we process your personal data within the scope of the business relationship with you in order to protect the legitimate interests of us or third parties. This requires a weighing of interests in accordance with 6 (1) f) GDPR, according to which a processing of personal data is permissible if it is necessary to safeguard the legitimate interests and does not outweigh the interests or fundamental rights and freedoms of the data subject which require the protection of personal data. Such interests may include:
  • The use of your personal data for direct marketing purposes in an existing direct business relationship is a recognized legitimate interest pursuant to Art. 6 (1) f) GDPR. Your personal data is processed by us in the context of your business relationship with us (e.g. as a consumer, merchant, entrepreneur or employee of one of our business partners). We ensure that you only receive tailored marketing communication, personalized messages and offers that are relevant or of interest to you. Our legitimate interest in this respect is your interest in our products and our business relationship, which we would like to develop with you.
  • We have a legitimate interest to conduct, management, development and furtherance of our business in the broadest sense possible including supply of products and services, performance of agreements and order management with customers, process and fulfilment of purchases, performance of customer support activities such as processing your enquiries, providing requested information, organizing and performing the events you want to attend, process quality management and improvement of products or services, analytics and market intelligence, reduction of default risks in our sales processes, enforcement of legal claims, including debt collection via out-of-court procedures, and reorganization, acquisition and sale of activities, business divisions and companies;
  • We have a legitimate interest to monitor, investigate and ensure compliance with legal, regulatory, standard and ABB internal requirements and policies and to prevent fraud and criminal activities by performing investigations of such activities, misuse of ABB assets, products and services, and to process your personal data related to the use of digital services as strictly necessary and proportionate for ensuring network and information security; and
  • Furthermore, we have a legitimate interest in collecting your personal data in ABB Group CRM systems and databases if you have voluntarily provided us with your personal data for this purpose or if we are in a contractual or a business relationship with you, ensuring the accuracy of your contact information and in transmitting your personal data within the ABB group for internal administrative purposes as necessary for example to provide centralized services.

You may obtain a copy of our assessment of why we may process your personal data for these interests by submitting a request at www.abb.com/privacy.

With regard to personal data concerning criminal convictions and offences, we will only process such data where such processing is permitted by applicable (local) law.

5. Who processes your personal data?

As part of the global ABB Group, we have business relationships with affiliated companies and external service providers, both within and outside the European Economic Area (EEA), which we may also use to process your personal data as necessary for the purposes described in this Notice and the table below. In this regard, your personal data may also be made available to ABB Group companies in countries outside the EEA for the processing purposes mentioned in this Notice, in which the level of data protection may not be comparable to the European Union (EU). However, we are committed to a high level of data protection within our group of companies in order to ensure that your personal data is protected in accordance with the GDPR.

Where we share your personal data with an affiliate or third party so that it is transferred to or becomes accessible from outside the European Union (“EU”) and the European Economic Area ("EEA") or outside the country where the ABB company that controls your data is located, we always put adequate safeguards in place to protect your personal data. Examples of these safeguards are an adequacy decision of the European Commission (read more here)or Standard Contractual Clauses of the EU Commission (read more here) and the Binding Corporate Rules that some of our suppliers have adopted (read more here). We have taken additional measures for the transfer of data from within to outside the EU, EEA and outside the country where the ABB company that controls your data is located to protect your personal data. If you would like an overview of the safeguards which are in place, please submit a request at www.abb.com/privacy.

In addition, when processing your personal data for the purposes mentioned in this Notice, we may use external service providers as processors (e.g. computer centers, software companies and marketing automation providers). In particular, the operator of the marketing automation platform used by ABB has the technical possibility to access your personal data. As a matter of principle, these processors are used within the framework of an existing contractual relationship, bound by instructions, and receive your personal data only to the extent and for the period required for the provision of the service. We will also only transfer your personal data to external service providers if there is sufficient assurance that such service providers comply with the high data protection level of the GDPR, e.g. by concluding Standard Contractual Clauses.

Recipient name or – for non-EU countries – recipient category

Recipient location

Purpose

ABB affiliates and subsidiaries

See the list of ABB subsidiaries

The purposes described in this Notice

ABB business partners, distributors, and agents

EU/EEA and non-EU/EEA (global)

The purposes described in this Notice

Service providers such as IT services, marketing agencies, independent agents, payment processors, rating and assessment services, professional and advisory services including accountants, auditors, lawyers, insurers, bankers, recruiters, travel agents and other advisors or service providers working on ABB’s behalf

EU/EEA and non-EU/EEA (global)

The purposes described in this Notice

Insolvency administrators or creditors

EU/EEA and non-EU/EEA (global)

For default and insolvency management

Potential or actual acquirers of ABB businesses or assets

EU and non-EU

For the evaluation of the business or assets in question or executing the transformation/merger of the companies

Recipients as required by applicable law or legal process, to law enforcement or government authorities, etc.

EU and non-EU

Where required by applicable law or a legitimate request by government authorities, or a valid legal requirement

6. How long do we process and keep your personal data?

In principle, we process and store your personal data only as long as this is necessary for the processing purposes mentioned in this Notice, until you withdraw your consent to process your personal data for the marketing purposes described in this Notice (Art. 6 (1) a) GDPR, Art. 22 (2) c) GDPR and/or § 7 (2) Nr. 3 UWG) or until you object to the use of your personal data in case of a legitimate interest being the legal basis for processing (Art. 6 (1) f) GDPR).

Based on mandatory legislation, ABB must keep certain personal data for a minimum period of time, even if you have withdrawn your consent or exercised your objection rights. At the same time, applicable data protection laws require that we do not keep personal data in an identifiable form for any longer than is necessary for the purpose for which the personal data is being processed. Through the setting of IT applications and policies we ensure that our keeping of your personal data is deleted when we no longer need it.

In general and within the scope of our business relationship, customer related personal data is kept for the duration of the contractual relationship as required for the fulfilment of contractual or legal obligations, unless its further processing for a limited period is necessary for the fulfilment of statutory retention and documentation periods, regulatory requirements or for the preservation of evidence within the statutory limitation periods. In this case, we will retain the personal data concerned until the end of the respective statutory period (typically between 5-10 years after the termination of the contract).

If we process your personal data for direct marketing purposes with your consent or on the basis of a legitimate interest, we will retain the personal data required for this purpose until you notify us that you object to data processing for direct marketing purposes or withdraw your consent in this regard. If we do not process your personal data for purposes other than direct marketing (e.g. in the context of business relations or the execution of contracts), this data will be securely deleted in accordance with data protection regulations after receipt of your revocation or objection. The interest and customer profile that we create on the basis of your personal data using automated methods with your consent in accordance with Art. 22 (2) c) GDPR is generally kept for up to 24 months, unless you have withdrawn your consent earlier.

7. Which data privacy rights do you have with regards to your personal data?

As a data subject in terms of the GDPR, you are entitled to certain data protection rights regarding the processing of your personal data by us as controller based in Germany, which we have described in detail in the Annex to the Notice "Your rights as a data subject”.

Please note that the rights described above are not absolute, and that your request cannot always be met entirely. In certain circumstances, we may need to restrict these data subjects' rights in order to protect the public interest (e.g. the prevention or detection of criminal offences) or our business interests (e.g. the protection of legal privileges). If you want to know more about your data protection rights as well as the conditions and restrictions under which they are available to you, you may want to refer to the Annex to this Notice.

You may request to enforce your data privacy rights at www.abb.com/privacy.

8. Remedies, contact and further information

If you want to access your personal data, make use of any of your other data privacy rights mentioned in this Notice or if you have any questions or concerns about how ABB processes your personal data, you may contact us or submit your requests or complaints at www.abb.com/privacy. You may also send your questions, concerns and complaints about the treatment of your personal data directly to our data protection officer under the contact details mentioned above.

Should you not be satisfied with our response or believe we are processing your personal data against the law, you may, in accordance with your right of complaint under Art. 77 GDPR, also have the right to file a complaint with the Data Privacy Authority in your country of residence or work, or seek a remedy through the courts where you believe an infringement of data privacy laws may have taken place.

9. Updates to this document

This Privacy Notice may be updated from time to time as a result of required developments. In case of such updates, we will undertake necessary actions to inform you about them depending on the importance of changes done. If and where required by applicable laws, we will also ask for your consent to any material Privacy Notice changes describing our up-to-date practices.

Please check the “date of publication” to see when this Privacy Notice was updated.

Date of publication: 20.05.2021


Annex to the Data Protection Notice: Your rights as a data subject

1. Right of access

You have the right to receive from us at any time upon request (text form) information about your personal data processed by us within the scope of Art. 15 GDPR. This right is limited by the statutory exceptions of § 34 BDSG, according to which the right of access is excluded, in particular if the data is stored on the basis statutory retention and documentation periods or for the purposes of data security and data protection control, the provision of information would require a disproportionate effort and a misuse of the data processing is prevented by suitable technical and organizational measures.

2. Right to rectification

You have the right, pursuant to Art. 16 GDPR, to obtain from us the immediate rectification of personal data concerning you, should it be incorrect.

3. Right to erasure

You have the right to obtain from us, under the conditions set out in Art. 17 GDPR, the deletion of any personal data relating to you. These conditions apply in particular if a) the respective processing purpose has been achieved or otherwise ceases to apply, b) we have unlawfully processed your personal data, c) you have withdrawn your consent without another legal basis applying to the data processing, d) you have successfully objected to the data processing or e) in cases where there is an obligation to delete personal data on the basis of EU law or the law of an EU member state to which we are subject. This right is limited by the statutory exceptions of § 35 BDSG, according to which the right to erasure may in particular be excluded if, in case of non-automated data processing, there is a disproportionately high expenditure for the deletion and your interest in the deletion is to be regarded as low.

4. Right to restriction of processing

In accordance with Art. 18 GDPR, you can request us to process your personal data only to a restricted extent. This right exists if a) the correctness of your personal data is disputed, b) you request limited processing instead of deletion under the conditions of a justified right of erasure, c) the data is no longer required for the purposes pursued by us, but you need the data to assert, exercise or defend legal claims or d) the success of an objection is still disputed.

5. Right to data portability

In accordance with Art. 20 GDPR, you have the right to receive from us personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, as well as the right to request us to forward this personal data to another controller.

6. Right to object

In accordance with Art. 21 GDPR, you have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data, which is either based on a public interest pursuant to Art. 6 (1) e) GDPR or a legitimate interest pursuant to Art. 6 (1) f) GDPR. Upon receipt of your objection notice, we will then cease processing your personal data unless we can prove that there are compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims. If you object to the processing of your personal data for marketing purposes, we will cease such processing in any case.