Visitor and CCTV Privacy Notice
1. Introduction
This Visitor and CCTV Privacy Notice ("Notice") applies to the ABB company that is hosting you (referred to as "ABB" or "we"), who is responsible for the processing of your personal data and controls how it is used, in accordance with this Notice. At ABB, respecting your data protection rights is a top priority. This Notice explains how we use personal data about you, how we process such data, and what rights you have regarding your personal data.
Other subsidiary companies of ABB may also receive and process your personal data, either in the capacity of controller or processor and this Notice applies equally to them.
2. The types of personal data do ABB collect and use?
ABB collect and use personal data that concerns you in connection with your visit as follows:
- Identification data and business contact information, you share with us such as first name, last name, job/position/title, business address, telephone number, vehicle license plate, number of a valid identification document as required in the visitor log template;
- Additional information you provide to us related to or during your visit such as logging details for facilities and locations, employee hosting, purpose of visit, records relating to your visit;
- Image and video recordingsfrom closed circuit television system (CCTV) footage; and
- Electronic identification data and information collected by the communications systems, IT applications and website browser (where visitor has access or is affected by such systems or applications)such as information technology usage (system access, IT and internet usage), device identifier (mobile device ID, PC ID), registration and login credentials, IP address, login data and log files, Analytics ID, time and url, searches, website registration and cookie data.
3. Why does ABB use your personal data?
The use of Your personal data provided during your visit will be limited to a need basis and shared only with the employees and third parties that are directly involved in the visitor management processes. All of the personal data ABB being collected and defined under this Notice will be used for the following purposes and the following lawful basis:
- ABB will rely on our legitimate interests to process your personal data within the scope of your visit at ABB, if they do not unduly affect your interests or fundamental rights and freedoms. Our legitimate interests to collect and use the personal data for this purpose are to:
- Visitor management, registration, and visitor access management, including related contact interaction and references on documents;
- closed circuit television system (CCTV) capture for the purposes of public and staff safety, building security, and crime prevention and detection;
- conduct, management, development and furtherance of our business in the broadest sense possible including visitor, facilities and locations management, ensuring safety and security, acquisition and sale of activities, business divisions and companies;
- access control system providing electronically controlled ingress and/or egress for authorized individuals to locations that have access restrictions and a registry of personnel on site in case of emergencies;
- monitor, investigate and ensure compliance with legal, regulatory, standard and ABB internal requirements and policies;
- prevent fraud and criminal activity including investigations of such activity, misuse of ABB assets, products and services, and as strictly necessary and proportionate for ensuring network and information security; and
- transmitting personal data within the ABB group for internal administrative purposes as necessary for example to provide centralized services.
- In some cases, ABB process your personal data on the basis of legal obligations and statutory requirements, for example, on the basis of safety obligations, cooperation obligations with authorities, statutory retention periods, or the disclosure of personal data within the scope of official or judicial measures may be required for the purposes of taking evidence, prosecution or enforcement of civil law claims.
ABB only collect the personal data from you that we need for the above purposes. For statistical purposes, improvement of our services and testing of our IT systems ABB use as much as reasonably possible anonymized data. This means that these data can no longer (in)directly identify you or single you out as an individual.
4. What happens if you do not provide us with the information we had asked you for or if you ask us to stop processing your information
Where it concerns processing operations related to your visit at ABB (as described above), ABB will not be able to adequately ensure the safety of you and other persons in the facility and monitor the security of the facilities and generally perform the purposes described above without certain personal data. Although we cannot obligate you to share your personal data with us, please note that this then may have consequences which could affect your visit, such as not being able to allow you to enter certain or all ABB facilities and locations.
5. Parties ABB share your personal data with (in and outside the EU and EEA or outside the country where the ABB company that controls your data is located)
ABB only shares your personal data with other ABB affiliates or third parties as necessary for the purposes described below to the extent only necessary to fulfill the relevant purposes defined under the scope of the data processing agreement to be entered into between ABB and the relevant third parties:
- ABB affiliates (inside or outside of Europe) who provide assistance and support in visitor and audit logs;
- Other service providers being engaged by ABB to provide IT services, reception and facility management services, security services, and other service providers working on ABB’s behalf;
- Government authorities that ABB is obliged under the applicable laws or the government order/judgment to disclose or share the relevant data subject to such authority.
ABB only share your personal data with other ABB affiliates or third parties as necessary for the purposes described in this Notice. Where we share your personal data with an affiliate or third party so that it is transferred to or becomes accessible from outside the European Union (“EU”) and the European Economic Area ("EEA") or outside the country where the ABB company that controls your data is located, we always put adequate safeguards in place to protect your personal data. Examples of these safeguards are an adequacy decision of the European Commission (read more here), Standard Contractual Clauses (read more here), Privacy Shield certification (read more here), and the Binding Corporate Rules that some of our suppliers have adopted (read more here). We have taken additional measures for the transfer of data from within to outside the EU, EEA and outside the country where the ABB company that controls your data is located to protect your personal data. If you would like an overview of the safeguards which are in place, please submit a request at www.abb.com/privacy.
6. How long we keep your personal data
Based on mandatory legislation, ABB must keep certain personal data for a minimum period of time. We only keep your personal data for as long as necessary for the purposes described in this Notice.
- In general, personal data for visitor management is kept for the duration of 3 to 12 months; provided that certain personal data will be kept for longer period if required by local laws and regulatory requirements or to respond to legal claims.
- Some of ABB's buildings and sites use CCTV systems to monitor their inside and outside for security and operational purposes. We do not keep the footage for more than one month or for a shorter retention period required by the applicable local law, unless this is necessary, for example to handle a security incident.
Through the setting of IT applications and policies we ensure that our keeping of your personal data is deleted or anonymized when we no longer need it.
7. Which data protection rights do you have with regards to your personal data?
ABB respect your statutory rights under the applicable laws that You may have over your personal data as follows: (a) the right correct any error in your personal data or update it; (b) the right to access your personal data and receive a copy of your personal data that ABB hold, (c) the right to delete your personal data that ABB no longer have a lawful ground to use; (d) the right to port your personal data to a new data processor (if applicable); (e) the right to object to the processing of your personal data based on the legitimate interests grounds; (f) the right to suspend the use of your personal by ABB whilst a complaint or during rour right to object or delete is being investigated, or (g) the right to withdraw consent, whenever ABB have asked for your consent for processing of your personal data.Please note that the rights described above are not absolute, and that your request cannot always be met entirely. For example, sometimes we cannot delete or restrict the processing of your personal data as we may have legal obligations or contractual obligations to keep certain such personal data.
8. Contact and further information
If you have any questions about how we use your personal data or wish to make a complaint about how we handle it, you may contact our Group Data Protection Officer at privacy@abb.com, or submit your complaint at www.abb.com/privacy.Should you not be satisfied with our response or believe we are processing your personal data against the law, you may also have the right to file a complaint with the Data Privacy Authority in your country of residence or work, or seek a remedy through the courts where you believe an infringement of data privacy laws may have taken place.
Date of publication: March 4, 2024