Privacy Notice
1. Introduction
This Visitor and CCTV Privacy Notice ("Notice") applies to the ABB Group of companies, which means ABB Ltd, Switzerland and each entity in which ABB Ltd, Switzerland, directly or indirectly, has a majority holding or owns or controls the majority of voting rights. The ABB company that is hosting you (referred to as "ABB" or "we"), is responsible for the processing of your personal data and controls how it is used, in accordance with this Notice.
At ABB, respecting your data protection rights is a top priority. This Notice explains how we use personal data about you, how we process such data, and what rights you have regarding your personal data.
2. Who is responsible for the processing of your personal data?
ABB Ltd and its subsidiary companies are responsible for your personal data. For applicable privacy and data protection laws, the primary controller of your data is the ABB subsidiary company, which is hosting you. Other subsidiary companies of ABB may also receive and process your personal data, either in the capacity of controller or processor and this Notice applies equally to them.
3. The types of information we collect and use?
We collect and use personal data that concerns you in connection with your visit. We may collect the following categories of personal data:
-
Identification data and business contact information, you share with us such as first name, last name, job/position/title, business email address, business address, telephone number, mobile telephone number, telefax number, private telephone number, gender, date of birth, vehicle license plate, number of a valid identification document
-
Additional information you provide to us related to or during your visit such as logging details for facilities and locations, employee hosting, purpose of visit, records relating to your visit.
-
Image and video recordings from closed circuit television system (CCTV) footage.
-
Electronic identification data and information collected by the communications systems, IT applications and website browser (where visitor has access or is affected by such systems or applications) such as information technology usage (system access, IT and internet usage), device identifier (mobile device ID, PC ID), registration and login credentials, IP address, login data and log files, Analytics ID, time and url, searches, website registration and cookie data.
The below mentioned types of personal data are only collected and processed, if at all, in accordance with applicable local laws in your country of residence and where relevant depending on your visit.
-
Data about criminal convictions and offences such as criminal background information to the extent required for the purposes of criminal background screening for granting access to the facilities.
-
To the extent necessary to fulfil our obligations, data obtained from publicly accessible sources or which are legitimately transmitted by other third parties such as criminal and sanctions register data.
4. Why we use your personal data?
We may use your personal data as described above for the following purposes:
-
visitor management, registration and visitor access management including related contact interaction and references on documents;
-
health and safety management including medical emergencies;
-
closed circuit television system (CCTV) capture for the purposes of public and staff safety, building security and crime prevention and detection;
-
access control system providing electronically controlled ingress and/or egress for authorized individuals to locations that have access restrictions and a registry of personnel on site in case of emergencies;
-
maintain and protect the security of products, facilities, services, systems, networks, computers and information, preventing and detecting security threats, and fraud or other criminal or malicious activities;
-
monitoring and auditing compliance with ABB’s corporate policies, contractual obligations and legal requirements;
-
carrying out audits, reviews and regulatory checks to meet obligations to regulators; and
-
manage IT resources, including infrastructure management including data back-up, information systems’ support and service operations for application management, end user support, testing, maintenance, security (incident response, risk, vulnerability, breach response), master data and workplace including user accounts management, software licenses assignment, security and performance testing and business continuity.
We only collect the personal data from you that we need for the above purposes. For statistical purposes, improvement of our services and testing of our IT systems we use as much as reasonably possible anonymized data. This means that these data can no longer (in)directly identify you or single you out as an individual.
5. What happens if you do not provide us with the information we had asked you for or if you ask us to stop processing your information
Where it concerns processing operations related to your visit at ABB (as described above), ABB will not be able to adequately ensure the safety of you and other persons in the facility and monitor the security of the facilities and generally perform the purposes described above without certain personal data. Although we cannot obligate you to share your personal data with us, please note that this then may have consequences which could affect your visit, such as not being able to allow you to enter certain or all ABB facilities and locations.
6. The legal basis we rely on
We use your personal data for the purposes described in this notice based on one of the following legal bases, as applicable:
-
We will rely on our legitimate interests to process your personal data within the scope of your visit at ABB, if they do not unduly affect your interests or fundamental rights and freedoms. Our legitimate interests to collect and use the personal data for this purpose are to:
-
conduct, management, development and furtherance of our business in the broadest sense possible including visitor, facilities and locations management, ensuring safety and security, acquisition and sale of activities, business divisions and companies;
-
monitor, investigate and ensure compliance with legal, regulatory, standard and ABB internal requirements and policies;
-
prevent fraud and criminal activity including investigations of such activity, misuse of ABB assets, products and services, and as strictly necessary and proportionate for ensuring network and information security; and
-
transmitting personal data within the ABB group for internal administrative purposes as necessary for example to provide centralized services.
You may obtain a copy of our assessment of why we may process your personal data for these interests by submitting a request at www.abb.com/privacy.
-
In some cases, we process your personal data on the basis of legal obligations and statutory requirements, for example, on the basis of safety obligations, cooperation obligations with authorities, statutory retention periods or the disclosure of personal data within the scope of official or judicial measures may be required for the purposes of taking evidence, prosecution or enforcement of civil law claims.
-
With regard to personal data concerning criminal convictions and offences, we will only process such data where such processing is permitted by applicable (local) law.
7. Parties we share your personal data with (in and outside the EU and EEA or outside the country where the ABB company that controls your data is located)
We only share your personal data with other ABB affiliates or third parties as necessary for the purposes described in the table below. Where we share your personal data with an affiliate or third party so that it is transferred to or becomes accessible from outside the European Union (“EU”) and the European Economic Area ("EEA") or outside the country where the ABB company that controls your data is located, we always put adequate safeguards in place to protect your personal data. Examples of these safeguards are an adequacy decision of the European Commission (read more here), Standard Contractual Clauses (read more here), Privacy Shield certification (read more here), and the Binding Corporate Rules that some of our suppliers have adopted (read more here). We have taken additional measures for the transfer of data from within to outside the EU, EEA and outside the country where the ABB company that controls your data is located to protect your personal data. If you would like an overview of the safeguards which are in place, please submit a request at www.abb.com/privacy.
Recipient category |
Recipient location |
Purpose |
ABB affiliates and subsidiaries |
See the list of ABB subsidiaries |
The purposes described in this privacy notice |
Service providers |
EU/EEA and non-EU/EEA (global) |
IT services, reception and facility management services, security services and other service providers working on ABB’s behalf |
Potential or actual acquirers of ABB businesses or assets |
EU/EEA and non-EU/EEA (global) |
For the evaluation of the business or assets in question or for the purposes described in this privacy notice |
Recipients as required by applicable law or legal process, to law enforcement or local or government authorities, etc. |
EU/EEA and non-EU/EEA (global) |
Where required by applicable law or a legitimate request by local or government authorities, or a valid legal requirement |
8. How long we keep your personal data
Based on mandatory legislation, ABB must keep certain personal data for a minimum period of time. We only keep your personal data for as long as necessary for the purposes described in this privacy notice. In general, personal data for visitor management is kept for the duration of 3 to 12 months. Certain personal data will be kept for longer period if required by local laws and regulatory requirements or to respond to legal claims. Some of ABB's buildings and sites use CCTV systems to monitor their inside and outside for security and operational purposes. We do not keep the footage for more than one month or for a shorter retention period required by the applicable local law, unless this is necessary, for example to handle a security incident.
At the same time, applicable data protection laws require that we do not keep personal data in an identifiable form for any longer than is necessary for the purpose for which the personal data is being processed. Through the setting of IT applications and policies we ensure that our keeping of your personal data is deleted or anonymized when we no longer need it.
9. Your data privacy rights
Depending on the jurisdiction in which you are located and in which your personal data is processed, you may have the following rights:
Data privacy rights |
What it means |
The right to access your data |
You are entitled to ask ABB for an overview of or to obtain a copy of the personal data we hold about you. |
The right to have your data corrected |
You may request immediate correction of inaccurate or incomplete personal data we hold about you. |
The right to have your data erased |
You may request that personal data be erased when it is no longer needed, where applicable law obliges us to delete the data or the processing of it is unlawful. |
The right to restrict data processing |
You have the right to restrict the processing of your personal data in specific circumstances. |
The right to data portability |
You have the right to receive your personal data in a structured, machine-readable format for your own purposes, or to request us to transfer it to a third party. |
The right to object to data processing |
You have the right to object to our processing of your personal data based on the legitimate interests, where your data protection rights outweigh our reasoning for legitimate interests. |
Please note that the rights described above are not absolute, and that your request cannot always be met entirely. For example, sometimes we cannot delete or restrict the processing of your personal data as we may have legal obligations or contractual obligations to keep certain such personal data.
You may request to enforce your data privacy rights at www.abb.com/privacy.
Contact and further information
If you have any questions about how we use your personal data or wish to make a complaint about how we handle it, you may contact our Group Data Protection Officer at privacy@abb.com, or submit your complaint at www.abb.com/privacy.
Should you not be satisfied with our response or believe we are processing your personal data against the law, you may also have the right to file a complaint with the Data Privacy Authority in your country of residence or work, or seek a remedy through the courts where you believe an infringement of data privacy laws may have taken place.
Date of publication: October 23, 2019
[Additional information on personal data for residents in Korea]
Rights of legal representative and method of exercising the rights
A legal representative may request at any time to view, correct/delete, suspend the processing of, and withdraw consent to personal data on your behalf. The legal representative should prepare a Power of Attorney signed by you and contact us at the contact information provided above.
Period of retention and use of personal data; destruction of personal data
Usually, we immediately destroy relevant personal data after the purpose of collection and use is achieved. However, if applicable laws and regulations require us to retain the data, we will store it for a certain period prescribed in the applicable laws and regulations. In this case, we will transfer the relevant data to a separate database or other storage place.
-
Records on contract or subscription withdrawal: 5 years (Act on the Consumer Protection in Electronic Commerce, Etc.)
-
Records on price settlement and supply of goods: 5 years (Act on the Consumer Protection in Electronic Commerce, Etc.)
-
Records on consumer complaint or dispute settlement: 3 years (Act on the Consumer Protection in Electronic Commerce, Etc.)
-
Records on collection/processing and use of credit information: 3 years (Use and Protection of Credit Information Act)
-
Records on labelling/advertising: 6 months (Act on the Consumer Protection in Electronic Commerce, Etc.)
-
User’s internet log records/user’s access point tracking data: 3 months (Protection of Communications Secrets Act)
-
Other data verifying communication facts: 12 months (Protection of Communications Secrets Act)
Personal data destruction process and destruction method
Usually, we immediately destroy your personal data after the purpose of collection and use of the personal data is achieved. The process and method of destruction are as follows:
(1) Destruction process
Once the purpose is achieved, your personal data is moved to a separate database (or a document box in the case of papers) and is destroyed after storage for a certain period under our internal data protection policy and other applicable laws and regulations (refer to the period of retention and use of personal data). The personal data moved to a separate database will not be used for a purpose other than the purpose of retention, unless otherwise provided by laws and regulations.
(2) Destruction method
We delete electronically stored personal data by using the technical means that make it impossible to restore the data. For paper-based personal data, we shred it via paper shredder or incinerate it.
Children
In principle, we do not collect personal data of Korean residents under the age of 14. Therefore, residents in Korea under the age of 14 must not provide their personal data to use our service. Installation and operation of automatic collection device for personal data; rejection thereof We operate ‘cookies’ that may store and find a user’s information from time to time. A cookie is a very small text file that a server, used by us to operate our website, sends to your browser and is stored in the hard disc of your computer.
(1) Purpose of using cookies
Implementation of automatic login function; analysis of a member/non-member’s visit frequency or time; understanding your preferences and concerns; tracing your footsteps; providing target marketing and customized services by identifying the degree of participation in various events and the number of visits.
(2) How to reject installation of cookies
You have the right to choose the installation of cookies. In other words, you may either allow all cookies by setting an option on your web browser, make confirmation every time a cookie is stored, or reject storage of all cookies. Please note that if you reject the installation of cookies, it may be difficult for us to provide you with our services.
-
How to set cookies (if you use Internet Explorer 8.0)
Go to “Tool” menu and click “Internet Options.” Click “Privacy” tab. Click “Settings” and set your level of accepting cookies.
-
How to see the cookies you have received (if you use Internet Explorer 8.0)
Go to “Tool” menu and click “Internet Options.” Click “General” tab, and click “Settings” in Search Record section. Click “View Files.”
-
How to reject the installation of cookies (if you use Internet Explorer 8.0)
Go to “Tool” menu and click “Internet Options.” Click “Privacy” tab. Click “Settings” and adjust to high level in order to “Block all cookies.”
Operation∙Management policy of CCTV
1. Number of installations, location of installation, and range of recording
Number of installations |
Location of installation |
Range ofrecording |
22 |
Entrance of CIP(ABB Korea Factory located in Cheonan) and inside thefactorybuilding |
Entrance and inside offactorybuilding |
5 |
Entrance of Seoul Office |
Entrance of office |
2. Management officer, department in charge and right of access
Management officer |
Department in charge |
Rightof access |
Young-ChulPark |
ZCRE |
YoungChulPark (SuseokTeam Jang) Seung-Min Sa (ChegIm) Young-Seok Noh (Group Jang) |
3. Recording time, location of storage and method of management
ABB's CCTV records from 00:00 to 24:00, stores the recording information in avi form in ABB's security room, and permanently deletes it in a way that cannot be restored at the end of the storage period.
4. How and where to check the recorded information
After contacting the management officer [young-chul.park@kr.abb.com] in charge of the building information management, visit the building control room at [ABB Cheonan Factory and ABB Seoul Office 9F].
5. Technical, administrative and physical measures related to requests for information
The relevant provisions of the Privacy Notice shall apply.