Employee and Contingent Worker Privacy Notice

At ABB, respecting your data protection rights is a top priority. This Privacy Notice explains how we use personal data about you, how we process such data, and what rights you have.


1. WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR PERSONAL DATA

This Privacy Notice ("Notice") applies to the ABB Group of companies, which means ABB Ltd, Switzerland and each entity in which ABB Ltd, Switzerland, directly or indirectly, has a majority holding or owns or controls the majority of voting rights. The ABB company that is your employer or with which you, your employer or the company through which you are assigned to ABB have/has a contractual relationship (also referred to as "ABB" or "we") is responsible for the processing of your personal data and controls how it is used, in accordance with this Notice.

Other subsidiary companies of ABB may also receive and process your personal data, either in the capacity of controller or processor and this Notice applies equally to them.


2. Why we use your personal data

The types of information we collect and use

We collect and use personal data that concerns you in connection with your employment at ABB or work assignment and the services you are providing under the work assignment/statement of work directly to ABB. 

We may collect the following categories of personal data:

  • Personal details and identification data such as name, personal and business address, personal and business telephone number, personal and business email address or any other contact details, date and country of birth.
  • Personal data related to family and social circumstances such as gender, age, marital and family status (including also the name and contact details of the next of kin).
  • Employment or work assignment related personal data such as employee number, signature, employment or work assignment status, social security and tax numbers, insurance number, country of residence, residence status, nationality, citizenship, photo, emergency contacts and passport information, work and residence permit, immigration status and travel visa information.
  • Skill and experience details such as qualifications and certifications including current and previous positions, education and training courses, resume/CV, records of education and work achievements, in some cases: contact details of referees and results of capability assessments and interview assessment/feedback.
  • Data connected with a potential conflict of interest such as business relationships and your participation in other businesses, directorships, major shareholdings; being employed by or holding a position with a state-owned entity, government department, authority, or agency; data of the person who recommended or asked to apply for the role.
  • In case of performing additional specific checks during the recruitment process, we may retain: data related to credit and loan history; data related to civil litigation or business disputes on record.
  • Job information and work metrics such as position, title, employment contract, payroll ID, line manager, job band, performance history, employment or work assignment status, leave of absence information, working time logging, training records, performance targets and development goals. In some cases, we may also record results of capability assessments, safety reports and incidents, and professional feedback.
  • Compensation, allowances, benefits and expense related information such as salary data, payroll data, pension plan number and contributions, non-salary benefits, bonus, compensation, share options, dependents, beneficiaries or health benefit nomination, bank statements, expense claims and receipts, bank account details, credit card data, phone expenses and insurance data.
  • Electronic identification data and information (where employee and contingent worker has access or is affected by such systems or applications) such as access logs, login data and log files, IT, applications, and internet usage, information on consumption of the applications, device identifiers (mobile device ID, PC ID etc.), registration and login credentials, IP address, recordings (e.g. voice mail/call recordings), posts on corporate platforms (e.g. Viva Engage), password recovery data, information obtained via IT security tools (including network and email protection), digital alias/signature.
  • Tracking and analytics data, including device and browser information, interaction data, user preferences, session metrics, and technical performance data, time and url, searches, website registration and cookie data recordings.
  • Prompts (inputs) and responses (outputs) including citations to any information used to ground artificial intelligence response, information about interactions, history activity with features using artificial intelligence, activity history.
  • Financial and other details such as account information, credit checks, payment details and transactions, investigation information and disciplinary history.
  • Other personal data (which may include special categories of information as mentioned below) namely where you or others (such as your colleagues) may register these data on or in our systems, programs and application such as business documents containing personal information (e.g. queries, questions, complaints, orders and related records; emails; reports; contracts; presentations, minutes; work products), photos, images and/or videos.

The below mentioned types of personal data are only collected and processed, if at all, in accordance with applicable local laws in your country of residence.

  • Special categories of personal data such as:
      • membership of religious congregations (e.g. if required for tax purposes);
      • health and medical information, including disability status, special working conditions (such as use of a standing desk) and medical devices needed on the premises, work related injury and illness information, data for travel emergency support (blood type, medical history, allergies);
      • race or ethnicity (e.g. where this is used for diversity purposes, including due to the mandatory local legislation);
      • in some cases: trade union membership, political opinions and sex life or sexual orientation (e.g. where this is used for investigations of non-equal treatment).

The categories of personal data mentioned above are collected when required by the local law only or where they are used to secure equal opportunity and treatment for all employees and contingent workers in ABB, in accordance with the local law.

  • Data about criminal convictions and offences such as criminal background information and sanction list information to the extent required for the purposes of criminal background screening and Know Your Customer (“KYC”) and Anti Money Laundering (“AML”) obligations, always in line with the applicable local laws.
  • Military status (protected veterans).
  • To the extent necessary to fulfil our obligations, data obtained from publicly accessible sources, or which are legitimately transmitted by other third parties (e.g. a credit agency) such as data in public professional social media (e.g. LinkedIn), background check data.

In case you would like to be provided with information about a specific personal data processing activity, you can request that by submitting a request at www.abb.com/privacy.

Why we use your personal data

We may use your personal data as listed above for the following purposes:

  • human resources management including organization and personal administration, working hours management, improving and maintaining effective staff administration, internal workforce analysis, reporting and planning;
  • staff transfer management from different affiliates and succession planning;
  • payroll, compensation and benefits management including providing staff benefits and maintaining salary, compensations including intellectual property, allowances, benefits, insurances, pensions and performance reviews;
  • talent management and acquisition including recruitment, assessing suitability and working capacity, background checks and verification of qualifications, obtaining and providing references;
  • learning and development management including certifications, training staff and performing assessments and employee or contingent worker satisfaction surveys;
  • processes related to joining and leaving including internal moves and terminations;
  • sickness and other leave and vacations management;
  • internal health and safety programs including health and safety and accident records or reporting and managing process quality;
  • travel and expenses management and organization of business trips including monitoring of travelers to provide support during security or medical emergencies; providing travel security, health and safety training and on voluntary basis assistance in giving security support during emergencies;
  • carrying out the obligations and exercising specific rights in the field of employment and social security law or a collective agreement;
  • internal and external communication of ABB’s organization and representation of ABB including commercial register and assigning powers of attorney;
  • organizing ABB events and documentation of such events including managing and organizing internal non-marketing related campaigns, events and meetings;
  • managing ABB assets including pictures and videos depicting employees, contingent worker or other individuals available for download on the ABB intranet, ABB website, etc.;
  • finance and shared accounting services providing record to report, order to cash and purchase to pay services;
  • reorganization, acquisition and sale of activities, business units and companies;
  • business reporting;
  • monitoring and auditing compliance of employees’ and contingent workers’ activities in the workplace with ABB’s corporate policies, contractual obligations and legal requirements including disciplinary actions;
  • carrying out audits, reviews and regulatory checks to meet obligations to regulators;
  • governance, risk and compliance, including compliance with laws, law enforcement, court and regulatory bodies’ requirements (such as for the process of verifying the identity of customers, known as Know Your Customer ("KYC")/Anti Money Laundering ("AML") monitoring purposes), customs and global trade compliance, conflict of interest and security obligations and prevention, detection, investigation and remediation of crime and fraud or prohibited activities or to otherwise protect legal rights and to establish, exercise or defend legal claims;
  • managing the customer relationship, processing customer orders and providing customer support, processing, evaluating and responding to requests and inquiries;
  • managing the suppliers, vendors, contingent workers, advisers and other professional experts including tendering, engagement, contract interaction, processing and fulfilling purchases and invoices, and contract lifecycle management;
  • making use of work performance and products and for references on documents, such as drawings, purchase orders, sales orders, invoices, reports;
  • access control system providing electronically controlled ingress and/or egress for authorized individuals to locations that have access restrictions and a registry of personnel on site in case of emergencies;
  • intrusion detection including 3rd party monitoring of duress, perimeter, internal security points and ancillary supervisory monitors for site maintenance/automated systems;
  • maintaining and protecting the security of products, facilities, services, systems, networks, computers and information, preventing and detecting security threats, fraud or other criminal or malicious activities, and ensuring business continuity; and
  • managing IT resources, including infrastructure management including data back-up, information systems’ support and service operations for application management, end user support, testing, maintenance, security (incident response, risk, vulnerability, breach response), master data and workplace including user accounts management, software licenses assignment, applications usage and consumption, security and performance testing and business continuity.

We collect only the personal data from you that we need for the purposes described above. Certain personal data collected from you relates to your next of kin and emergency contacts. In these cases, you are requested to inform such persons about this Notice.

In case you are working at a third-party site (for example ABB customer location or facility), such third party may need to process your personal data for their purposes acting as a data controller. In these cases, you will receive or may request a separate privacy notice from the relevant data controller.


3. Sources of collecting personal data and what happens if we are unable to use it

In most cases, we collect your personal data directly from you. In some situations, we may collect your personal data:

  • from publicly accessible sources or which are legitimately transmitted by other third parties;
  • from third parties we cooperate with;
  • via the communications systems, IT applications and website browsers.

Where it concerns processing operations related to your employment or contractual relationship (as described above), ABB will not be able to adequately employ you or use your service without certain personal data and you may not be able to exercise your employee rights or rights stemming from the contract with ABB based on which you provide your service if you do not provide the personal data requested. Although we cannot obligate you to share your personal data with us, please note that this then may have consequences which could affect your employment or the service which you provide in a negative manner, such as not being able to exercise your statutory rights or even to continue your employment or the service which you provide. Whenever you are asked to provide us with any personal data related to you, we will indicate which personal data is required, and which personal data may be provided voluntarily.

The legal basis we rely on

For the use of your personal data for the purposes described above (in section 2), we rely on the following legal basis, as applicable:

  • We process your personal data for the fulfilment of obligations in your employment contract with us or the contract based on which you, your employer or the company through which you are assigned to ABB provides service to ABB; and for the fulfilment of similar collective employment agreements, or as part of pre-contractual measures to establish employment and related contracts;
  • In some cases, we rely on our legitimate interests to process your personal data insofar as this is not overridden by your own privacy interests. Such interests may include:
      • monitoring (for example through IT systems), investigating and ensuring compliance with legal, regulatory, and ABB internal policies and standards;
      • prevention of fraud and criminal activity including investigations of such activity, misuse of ABB assets, products and services, and as strictly necessary and proportionate for ensuring network and information security; and
      • transmitting personal data within the ABB group for internal administrative purposes as necessary, for example to provide centralized services.

You may obtain a copy of our assessment regarding our legitimate interest to process your personal data by submitting a request at www.abb.com/privacy.

  • In some cases, we process your personal data on the basis of statutory requirements, for example, on the basis of labor and social security law, allowances, tax or reporting obligations, cooperation obligations with authorities or statutory retention periods in order to carry out our contractual responsibilities as an employer or a party which you provide your service to;
  • In exceptional circumstances we may ask your consent at the time of collecting the personal data, for example photos, communications materials and events. If we ask you for consent in order to use your personal data for a particular purpose, we will remind you that you are free to withdraw your consent at any time and we will tell you how you can do this.

With regard to special categories of personal data we will only process such data in accordance with applicable law and:

  • with your explicit consent for specific activities in accordance with applicable law;
  • when necessary for exercising rights based on employment or the contract based on which you, your employer or the company through which you are assigned to ABB provides service to ABB, social security or social protection law or as authorized by collective agreement, or for preventive and occupational medicine and evaluation of working abilities; or
  • where necessary for establishment, exercise and defense of legal claims.
  • with regard to personal data concerning criminal convictions and offences, we will only process such data where such processing is permitted by applicable (local) law.


4. Parties we share your personal data with (in and outside the EU and EEA or outside the country where an ABB entity which employs you or which you provide service for is located)

We only share your personal data with other ABB affiliates or third parties as necessary for the purposes described in the list below. Where we share your personal data with an affiliate or third party so that it transfers to or becomes accessible from outside the European Union (“EU”) and European Economic Area ("EEA") or outside the country where an ABB entity which employs you or which you provide service for is located, we always put adequate safeguards in place to protect your personal data. Examples of these safeguards are an adequacy decision of the European Commission or Standard Contractual Clauses. We have taken additional measures for the transfer of data from within to outside the EU, EEA and outside the country where an ABB entity which employs you or which you provide service for is located to protect your personal data. If you would like an overview of the safeguards which are in place, please submit a request at www.abb.com/privacy.

Recipients or recipient category:

  • ABB affiliates and subsidiaries - See the list of ABB subsidiaries – The purpose described in Notice, including human resource management, talent management and organizing internal trainings and events;
  • ABB customers, business partners, distributors, and agents (EU/EEA and non-EU/EEA (global)) – The purpose described in Notice, including human resource management, talent management and organizing internal trainings and events;
  • Service providers such as IT services, HR and training, payroll and payment processors, professional and advisory services including accountants, auditors, lawyers, insurers, bankers, recruiters, travel agents and other advisors working on ABB’s behalf (EU/EEA and non-EU/EEA (global)) – The purpose described in Notice;
  • Pension funds, labor and industry organizations and associations - The purposes described in section 2;
  • Insolvency administrators or creditors (EU/EEA and non-EU/EEA (global)) - For default and insolvency management;
  • Potential or actual acquirers of ABB businesses or assets (EU and non-EU) – For the evaluation of the business or assets in question or executing the transformation/merger of the companies or for the purposes described in Notice;
  • Recipients as required by applicable law or legal process, to law enforcement or government authorities, etc. (EU and non-EU) - Where required by applicable law or a legitimate request by government authorities, or a valid legal requirement.


5. How long do we process and keep your personal data

Based on mandatory legislation, ABB must keep certain personal data for a minimum period of time. For example, employment contracts, information about salary payments and reimbursements need to be kept for a minimum period based on local corporate and tax legislation. The retention period of your employee file after you leave ABB differs according to country legal requirements. 

At the same time, applicable data protection laws require that we do not keep personal data in an identifiable form for any longer than is necessary for the purpose for which the personal data is being processed. Through the settings of IT applications and policies, we ensure that your personal data is deleted or anonymized when we no longer need it. After an applicable retention period has lapsed, we will securely delete or anonymize your personal data, unless there are specific circumstances that require us to keep such personal data, such as legal or regulatory obligations or to resolve potential disputes.

For more information regarding specific retention periods that apply to your personal data, please submit a request at www.abb.com/privacy.


6. Security and monitoring of ABB systems and sites

ABB takes the security of its data very seriously, including your information and ABB's digital business assets. ABB sees this as a shared responsibility, where it takes the necessary steps to secure such data, and where it expects its staff members to do the same. You can read more about our security measures and your responsibilities in the End User Security Procedure.

Monitoring of ABB's systems 

For business reasons, and in order to maintain IT security measures, information about the use of ABB's systems including telephone (mobile and fixed) and computer systems (including email and internet access), and any personal use of them, is collected and monitored, and used when necessary for the security of ABB’s system and compliance with ABB security group policies and in accordance with the applicable law. If you access services by the use of passwords and login names on ABB's IT and communication systems, this might mean that your access details can be seen by ABB.

Monitoring is only carried out if and to the extent permitted or as required by law and as necessary and justifiable for business purposes. The resulting log files will be kept for a minimum period in accordance with section 5. This is required so that instances of attempted misuse and other security events can be detected, and that information is available to support any subsequent investigation and follow up actions. To the extent permitted by law and internal policies, action may be taken under the disciplinary procedure.

If necessary, such information may be handed to the police or other law enforcement agencies. Investigations and disclosure of information to the relevant authorities shall be carried out only to the extent permitted by law.


7. Which data protection rights do you have with regards to your personal data?

Depending on the jurisdiction in which you are located and in which your personal data is processed, you may have the following rights:

Data protection rights and what they mean:

  • The right to access your data – You are entitled to ask ABB for an overview of or to obtain a copy of the personal data we hold about you.
  • The right to have your data corrected – You may request immediate correction of inaccurate or incomplete personal data we hold about you.
  • The right to have your data erased – You may request that personal data be erased when it is no longer needed, where applicable law obliges us to delete the data or the processing of it is unlawful.
  • The right to restrict data processing – You have the right to restrict the processing of your personal data in specific circumstances.
  • The right to data portability – You have the right to receive your personal data in a structured, machine-readable format for your own purposes, or to request us to transfer it to a third party.
  • The right to object to data processing – You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data, which is based on a legitimate interest.
  • The right to withdraw consent – Where ABB has asked for your consent to process personal data, you may withdraw your consent at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

Please note that the rights described above are not absolute, and that your request cannot always be met entirely. For example, sometimes we cannot delete or restrict the processing of your personal data as we may have legal obligations or contractual obligations to keep certain personal data.

You may request to enforce any of your data privacy rights at www.abb.com/privacy.


8. Contact and further information

If you want to access your personal data, make use of any of your other rights mentioned above or if you have any questions or concerns about how ABB processes your personal data, please submit your request at Data Privacy | Privacy | ABB. For any other cases, please contact our Group Data Protection Officer at privacy@abb.com.

Should you not be satisfied with our response or believe we are processing your personal data against the law, you may also have the right to file a complaint with the Data Privacy Authority in your country of residence or work, or seek a remedy through the courts where you believe an infringement of data privacy laws may have taken place.


9. UPDATES TO THIS DOCUMENT

This Privacy Notice may be updated from time to time as a result of required developments. In case of such updates, we will undertake the necessary actions to inform you about them depending on the importance of changes done. If and where required by applicable laws, we will also ask for your consent to any material Privacy Notice changes describing our up-to-date practices.

Please check the “date of publication” to see when this Privacy Notice was updated.


10. SPECIFIC INFORMATION UNDER OTHER DATA PROTECTION LAWS

SOUTH AFRICA – POPIA COMPLIANCE

This section provides additional information for employees and contingent workers located in South Africa, in accordance with the Protection of Personal Information Act 4 of 2013 (POPIA).

POPIA gives effect to the constitutional right to privacy under Section 14 of the Constitution of the Republic of South Africa.


10.1 Eight Conditions for Lawful Processing

ABB adheres to the eight conditions for lawful processing of personal information under POPIA:

- Accountability

- Processing Limitation

- Purpose Specification

- Further Processing Limitation

- Information Quality

- Openness

- Security Safeguards

- Data Subject Participation


10.2 Legal Basis for Processing

Personal information is processed in accordance with Section 11 of POPIA, which permits processing where necessary for the performance of a contract, compliance with legal obligations, protection of legitimate interests, or with the data subject’s consent.


10.3 Special Personal Information

Special personal information, including health, biometric, and criminal data, is processed only under the conditions permitted by POPIA, such as explicit consent, legal obligation, or for the establishment of legal claims.


10.4 Data Subject Rights

Under POPIA, data subjects have the right to access, correct, delete, and object to the processing of their personal information. ABB respects and facilitates these rights in accordance with South African law.


10.5 Information Officer

ABB has appointed an Information Officer in accordance with Section 55 of POPIA, responsible for ensuring compliance with the Act and serving as the point of contact for data subject requests.

Date of publication: February 2026