You can view this page in:

ABB Privacy Policy - Marketing & Sales

Data Protection Notice for Business Partners

At ABB, respecting your data privacy rights is a top priority. This data protection notice (hereinafter: “notice”) explains why and how we collect personal data about you, how we process such data, and what rights you have regarding your personal data. 

Who is the controller of your personal data?

ABB Asea Brown Boveri Ltd and its subsidiary are responsible for your personal data. In accordance with applicable data protection laws, the data controller is the ABB subsidiary that provides services or communicates with you. Each such entity is regarded as an independent controller of your personal data, and this notice applies to all such companies (please refer to the ABB website for a list).

Responsible ABB subsidiaries (controllers) located outside of the European Union (EU) have appointed a representative for EU data privacy matters. For details about your controller’s EU representative, please submit a request at www.abb.com/privacy.

In your case, ABB AG, Kallstadter Straße 1, 68309 Mannheim, Germany, or any respective company affiliated with ABB AG pursuant to §§ 15 ff. of the German Stock Corporation Act (Aktiengesetz - AktG), decides as "controller" within the meaning of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG) how and for which purpose your personal data will be used in accordance with this notice (hereinafter: "we" or "us").

You can contact our data protection officer as follows:

ABB AG
Konzerndatenschutzbeauftragter
Kallstadter Str. 1
68309 Mannheim
privacy@abb.com

Which of your personal data do we process?

We process personal data that we receive from you either as a result of your contact enquiry, specific pre-contractual enquiry or registration for a specific event via our websites, by e-mail or telephone or at a trade fair, roadshow or other event (hereinafter also referred to as "enquiry") or in the course of an existing business relationship with you or your company (hereinafter: “you”).

In general we process and store the following personal data:

  • The business contact information you share with us: name, title, job title, email address, business address, telephone number, mobile telephone number
  • Additional information you provide to us in the course of our business relations, such as: interests in ABB products, marketing preferences, registration information provided at events, fairs, contract or order data, invoices, payments, business partner history, etc.
  • Information your browser makes available when you visit an ABB website: IP address, the source of your site visit, time spent on the website or a particular page, links clicked, comments shared, browser type, date and time of visit, etc.
  • To the extent necessary to fulfil our obligations, data obtained from publicly accessible sources or which are legitimately transmitted by other third parties (e.g. a credit agency): commercial register data, association register data, creditworthiness data.

Why do we process your personal data?

We process your personal data primarily for the purpose of establishing the business contact with you that you have requested and for the processing and execution of services requested within this business relationship.

Your personal data will be used for this purpose in particular to:

- process and execute orders and to keep you informed about the status of your order,

- provide and manage our products and services and

- provide customer support and evaluate and respond to inquiries.

Your personal data will also help us to understand your interest in our products, to develop our business relationships with you and to provide you with the marketing information you request. Furthermore, your personal data will be stored in our ABB-Group CRM Database for the processing purposes mentioned in this notice.

We use your personal data for marketing purposes, in particular to

- conduct customer satisfaction surveys;

- perform data analysis (e.g., market research, trend analysis, financial analysis and customer segmentation)

- provide you with marketing communication (e.g. notifications, advertising material, newsletters, etc.), and

- perform other marketing and sales activities (including generating leads, tracking marketing perspectives, conducting market research, determining and controlling the effectiveness of our advertising and marketing campaigns, and managing our brand).

To provide you with tailored marketing communication and advertisement, we will use automated methods to build a profile based on data that we have obtained as described in this notice. You have the right to object to profiling activities by submitting a data subject request at www.abb.com/privacy.

Apart from the above, we may process your personal data to fulfil contracts with you or to carry out pre-contractual measures upon your request. As part of our business relationship, you need to provide us with your personal data, which is necessary to establish, conduct and terminate a business relationship with you, required for the fulfilment of the contractual obligations associated with it or which we are legally obliged to collect. Without this data we will generally not be in a position to establish, maintain or terminate a business relationship with you or to take any contractual or pre-contractual measures in this regard at your request.

Of course, we only collect personal data from you that we need for these processing purposes. We may also anonymously collect your personal information so that you cannot be identified by that information and then use that information for further processing purposes, including improving our services and reviewing our IT systems.

On which legal basis do we process your personal data?

We process your personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG), in particular according one of the following legal bases, as applicable:

  • Art. 6 (1) b) GDPR, if and to the extent we process your personal data for the fulfilment of contractual obligations from contracts concluded with you or as part of pre-contractual measures,
  • Art. 6 (1) c) GDPR, if and to the extent we process your personal data on the basis of statutory requirements or administrative orders (e.g. on the basis of our tax control and reporting obligations),
  • Art. 6 (1) f) GDPR, if processing within our business relationship is necessary in order to protect the legitimate interests of us or third parties. This requires a weighing of interests pursuant to Art. 6 para. 1 lit. f) DSGVO, according to which a processing of personal data is permissible if it is necessary to safeguard the legitimate interests and does not outweigh the interests or fundamental rights and freedoms of the data subject which require the protection of personal data. The use of your personal data for the purposes of processing your enquiries, providing information requested by you, organizing and performing the events you have requested or for direct marketing purposes is a recognized legitimate interest pursuant to Art. 6 Para. 1 lit. f) GDPR as it is establishing a direct and relevant relationship between you and us (e.g. as consumer, sole trader or in your function of your company) which entitles us to process your personal data. We ensure that you only receive the information, invitations and offers that are relevant or of interest to you. Furthermore, we have a legitimate interest in collecting your personal data in ABB Group CRM systems and databases if you have voluntarily provided us with your personal data for this purpose as part of your registration, e.g. by providing it or transmitting your (electronic) business card, or if we are in a business relationship with you. You may obtain a copy of our assessment of why we may process your personal data for these interests by submitting a request at www.abb.com/privacy.
  • Art. 6 (1) a) GDPR, if and to the extent we process your personal data in exceptional cases without a concrete enquiry from your side or an existing business relationship with you for the purposes of direct marketing, on the basis of your consent as the legal basis for such data processing. You may of course withdraw such consent at any time in accordance with Art. 7 (3) GDPR with effect for the future.
  • If and to the extent we send you marketing information by electronic mail, we also require your further consent according to § 7 (2) No. 3 Competition Act (Gesetz gegen den unlauteren Wettbewerb - UWG).

Who processes your personal data?

As part of a global group, we have business relationships with ABB Group companies and external service providers, both within and outside the European Economic Area (EEA), which we may also use to process your personal data as necessary for the purposes described in this notice. Where we share your personal data with a party outside of the EU, we always put safeguards in place to protect your personal data as described below.

In addition, when processing your personal data for the above-mentioned purposes through the use of external service providers as data processors (e.g. computer centers, software companies and marketing automation providers) these data processors are engaged within the framework of an existing contractual relationship, bound by instructions, and receive your personal data only to the extent and for the period required for the provision of the service.

Within ABB we are obliged to maintain a high level of data protection in order to ensure that your personal data is protected in accordance with the GDPR (as described below).

Recipient name or – for non-EU countries – recipient category

Recipient location

Purpose

Safeguards in place to protect your personal data

ABB affiliates and subsidiaries

See the list of ABB subsidiaries

The purposes described in this notice

EU Model Clauses

ABB business partners, distributors, and agents

EU and non-EU

The purposes described in this notice

EU Model Clauses

Service providers

EU and non-EU

IT services, marketing agencies, payment processors, customer support providers working on ABB’s behalf

EU Model Clauses and commercial contracts ensuring your data is only used to provide the services to ABB

Potential or actual acquirers of ABB businesses or assets

EU and non-EU

For the evaluation of the business or assets in question or for the purposes described in this notice

EU Model Clauses and commercial contracts ensuring your data is only used to evaluate ABB’s business or assets or for the purposes described herein

Recipients as required by applicable law or legal process, to law enforcement or government authorities, etc.

EU and non-EU

Where required by applicable law or a legitimate request by government authorities, or a valid legal requirement

We will ensure, to the extent possible, that adequate protection is provided for your data when it is transferred out of the EU in these circumstances

You may obtain a copy of the safeguards which we use to protect your personal data by submitting a request at www.abb.com/privacy.

How long do we process and keep your personal data?

We process and store your personal data only as long as this is necessary for the processing purposes mentioned above, until you object to the use of your personal data in case of a legitimate interest being the legal basis for processing (Art. 6 (1) f) GDPR) or until you withdraw your consent given in accordance with Art. 6 (1) a) GDPR (§ 7 (2) No. 3 UWG). Thereafter, your personal data will be securely deleted on a regular basis, unless their temporary further processing is necessary to meet legal or regulatory obligations, especially to comply with commercial and tax retention obligations, to resolve potential disputes or to preserve evidence within the scope of the statutory limitation provisions. Should this be the case, we will retain the personal data concerned until the end of the respective statutory period.

Which rights do you have with regards to your personal data?

If you have any questions about data protection, complaints about our treatment of your personal data, or if you wish to exercise your data protection rights listed in the Annex to this data protection notice, you may contact us at www.abb.com/privacy. You may also send complaints about the treatment of your personal data directly to our data protection officer. In certain circumstances, we may need to restrict these data subjects' rights in order to protect the public interest (e.g. the prevention or detection of criminal offences) or our business interests (e.g. the protection of legal privileges). If our response is not satisfactory to you or if you are of the opinion that we are processing your personal data unlawfully, you may, in accordance with your right of complaint under Art. 77 GDPR, also contact the competent data protection authority in the country where you live, work or believe that the data protection breach occurred.

Annex to the Data Protection Notice: Your rights as a data subject

  1. Right of access

    You have the right to receive from us at any time upon request (text form) information about your personal data processed by us within the scope of Art. 15 GDPR.

    This right is limited by the statutory exceptions of § 34 BDSG, according to which the right of access is excluded, in particular if the data is stored on the basis statutory retention and documentation periods or for the purposes of data security and data protection control, the provision of information would require a disproportionate effort and a misuse of the data processing is prevented by suitable technical and organizational measures.

  2. Right to rectification

    You have the right, pursuant to Art. 16 GDPR, to obtain from us the immediate rectification of personal data concerning you, should it be incorrect.

  3. Right to erasure

    You have the right to obtain from us, under the conditions set out in Art. 17 GDPR, the deletion of any personal data relating to you.

    These conditions apply in particular if a) the respective processing purpose has been achieved or otherwise ceases to apply, b) we have unlawfully processed your personal data, c) you have withdrawn your consent without another legal basis applying to the data processing, d) you have successfully objected to the data processing or e) in cases where there is an obligation to delete personal data on the basis of EU law or the law of an EU member state to which we are subject.

    This right is limited by the statutory exceptions of § 35 BDSG, according to which the right to erasure may in particular be excluded if, in case of non-automated data processing, there is a disproportionately high expenditure for the deletion and your interest in the deletion is to be regarded as low.

  4. Right to restriction of processing

    In accordance with Art. 18 GDPR, you can request us to process your personal data only to a restricted extent.

    This right exists in particular if a) the correctness of your personal data is disputed, b) you request limited processing instead of deletion under the conditions of a justified right of erasure, c) the data is no longer required for the purposes pursued by us, but you need the data to assert, exercise or defend legal claims or d) the success of an objection is still disputed.

  5. Right to data portability

    In accordance with Art. 20 GDPR, you have the right to receive from us personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format, as well as the right to request us to forward this personal data to another controller.

  6. Right to object

In accordance with Art. 21 GDPR, you have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data, which is either based on a public interest pursuant to Art. 6 (1) e) GDPR or a legitimate interest pursuant to Art. 6 (1) f) GDPR.

Upon receipt of your objection notice, we will then cease processing your personal data unless we can prove that there are compelling legitimate reasons for the processing which outweigh your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims. If you object to the processing of your personal data for marketing purposes, we will cease such processing in any case.