ABB Corporate Rules - Summary
Table of contents:
1. Introduction
1.1. Fairness and lawfulness
1.2. Processing of sensitive Personal Data
1.3. Transparency
1.4. Purpose
1.5. Proportionality and quality
1.6. Storage limitation
1.7. Data security
2. Sharing Personal Data
2.1. Sharing data with Data Processors
2.2. Sharing Personal Data with Data Controllers
2.3. Onward transfer
3. Complaint
4. Third party rights available to the Data Subjects
1. Introduction
At ABB, respecting data protection rights is a priority. ABB has adopted global data protection standards to ensure a standardised and high level of protection of Personal Data.
ABB Group Companies are committed to meeting the data privacy principles described below when ABB Group Companies are the Data Controller for the Personal Data.
1.1. Fairness and lawfulness
The processing of Personal Data shall always be done fairly and lawfully, in ways that would be reasonably expected, and on the basis of one of the following grounds for processing:
- the Data Subject has given their consent to the processing of Personal Data;
- processing is necessary to perform a contract with the Data Subject, or to take pre-contractual steps at the request of the Data Subject;
- processing is necessary for compliance with a legal obligation to which the Data Controller is subject;
- processing is necessary to protect the vital interests of the Data Subject; or
- processing is necessary for the Data Controller's legitimate interests or those of a third party, unless the interests of the Data Subject override those interests.
1.2. Processing of sensitive Personal Data
Where ABB Group Companies process sensitive Personal Data, this processing shall always be done fairly and lawfully, in ways that would be reasonably expected, and on the basis of one of the following grounds for processing:
- the Data Subject has given explicit consent;
- processing is necessary to meet obligations or exercise rights in national or European law relating to employment, social security, and healthcare in so far as it is authorized by national law providing for adequate safeguards;
- the Personal Data are manifestly made public by the Data Subject;
- processing is necessary to establish, exercise or defend legal claims;
- processing is necessary for the assessment of the working capacity of an Employee; or
- processing is necessary for the security of ABB, Staff and customer assets, for example through the use of video recordings or biometric identifiers.
Adequate security measures will be ensured depending on the nature of the Personal Data and the risks associated with its intended processing.
1.3. Transparency
ABB Group Companies shall provide the Data Subject at the point of collection, or within a reasonable period of collection, with the information necessary to ensure fair and transparent processing, in particular:
- Identity and contact details of the Data Controller as well as the contact details of the data protection officer;
- Purposes and the legal basis for the processing;
- The recipients or categories of recipients of the Personal Data;
- The source of Personal Data (unless this is Personal Data collected directly from the Data Subject);
- Risks, rules, safeguards and rights in relation to the processing of Personal Data and how to exercise their rights in relation to such processing.
1.4. Purpose
ABB Group Companies shall only process Personal Data for explicit and legitimate purposes. Collected Personal Data are not processed for further incompatible purposes unless the Data Subject has given consent and has been provided with the information required by the Transparency Principle, or the processing is otherwise permitted under applicable law.
1.5. Proportionality and quality
Personal Data shall always be adequate and relevant to the purposes of processing. In particular, Personal Data must be limited to what is necessary to the purpose of processing. ABB ensures that Personal Data are accurate and, where necessary, kept up-to-date. ABB Group Companies take all reasonable steps to ensure that any incorrect or incomplete Personal Data are erased, blocked or, if necessary, corrected without undue delay.
1.6. Storage limitation
Personal Data shall only be processed for the period necessary for the purposes for which they are processed, or as advisable considering an applicable statute of limitations. At the end of this period the Personal Data are erased or anonymized unless there is an exemption under applicable law which allows the data to be kept longer.
1.7. Data security
ABB Group Companies will maintain appropriate technical and organisational measures to ensure a level of appropriate security for Personal Data, taking into account the nature of the Personal Data; possible risks that may affect Personal Data; the ability to ensure confidentiality, integrity, availability and resilience of processing of Personal Data; the requirements of applicable law; and any measures specified in the service agreement with a Customer.
ABB Group Companies must comply with the information security requirements set out in ABB's Information Security Management Corporate Regulations, instructions, policies and standards. ABB will inform Data Subjects of a security breach affecting their Personal Information if (a) the Data Subject is at a high risk of harm as a result of the Personal Data breach, or (b) an applicable breach notification law requires such notification, even if the Data Subject is not at a high risk of harm.
2. Sharing Personal Data
2.1. Sharing data with Data Processors
An ABB Group Company will only appoint a Third Party Data Processor to process Personal Data where a data protection and information security risk assessment has been carried out to determine that the Data Processor will provide sufficient guarantees that it will implement appropriate technical and organisational measures. The ABB Group Company will ensure that there is a written contract with the Data Processor, which is recognised as valid under applicable law and which contains the provisions required in applicable law.
2.2. Sharing Personal Data with Data Controllers
An ABB Group Company may share Personal Data with another Data Controller where ABB is the Data Controller in respect of the Personal Data, provided that it meets the ABB Privacy Principles.
2.3. Onward transfer
European Personal Data may be shared with other ABB Group Companies or with other Third Parties located in the European Union or in a country or territory in respect of which there is a valid decision by the European Commission determining an adequate level of protection for European Personal Data but with no further requirements to ensure adequate protection for the data. In all other situations, European Personal Data may only be shared where appropriate safeguards for the European Personal Data are put in place, as set out in article 46 GDPR – such as use of the EU Model Clauses. Where an ABB Group Company is the Data Controller in respect of the European Personal Data, such data may also be shared in specific situations where European Law provides a derogation for the transfer – for example, where the Data Subject has given explicit consent, where the transfer is necessary to perform a contract with the Data Subject or to take pre-contractual measures requested by the Data Subject. Non-European Personal Data may only be shared with other entities where appropriate safeguards have been put in place to protect the data and in accordance with the requirements of applicable law.
3. Complaint
If a Data Subject has a concern that their Personal Data has been processed by an ABB Group Company in violation of applicable data protection laws, they may submit a complaint in writing by submitting the contact form at abb.com/privacy or through privacy@abb.com.
ABB will facilitate the complaints process without undue delay and, ordinarily, within one month from the date the complaint is received. This period may be extended by two further months if this is necessary, because of the complexity of the complaint or the number of requests made by the Data Subject. The Data Subject will be informed if there is a delay in processing their complaint due to the above.
4. The third party rights available to the Data Subjects
Whenever ABB Group Companies process European Personal Data as a Data Controller, Data Subjects have the rights listed below. Whenever ABB Group Companies process non-European Personal Data as a Data Controller, Data Subjects can enforce the rights available to them under applicable law. The justified request of the Data Subject will be responded to without undue delay and in any event within one month.
Rights of access and portability - The Data Subject has the right to:
- receive confirmation of whether the ABB Group Company processes Personal Data about that Data Subject;
- receive a copy of the Personal Data in a structured, commonly used and machine-readable format;
- ask for transfer of Personal Data to another entity, in a structured, machine-readable format, when the Personal Data was provided by the Data Subject, is processed automatically, and where the Personal Data are processed with the individual's consent or to fulfil a contract with him or her;
Right of rectification - The Data Subject has the right to request correction of inaccurate or incomplete Personal Data;
Right of erasure (the "right to be forgotten") - The Data Subject has the right to erase the Personal Data when it is no longer needed, where applicable law obliges us to delete the data or the processing of it is unlawful;
Right of restriction - The Data Subject has the right to restrict processing of Personal Data in specific circumstances;
Right to object - The Data Subject has the right to object to our processing of Personal Data where we rely on our legitimate interests as the basis for our processing or where data protection rights outweigh ABB's reasoning for legitimate interests;
Automated decision-taking - The Data Subject has the right to ask ABB not to be subject to an automated decision (i.e. no human involvement in the decision);
Right of consent withdrawal - Where ABB has asked for consent to process Personal Data, the Data Subject has the right to withdraw the consent at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
If you feel that you wish to contact ABB and review, update, change or delete any of your Personal Data and preferences of how ABB processes it, please visit our Data Subject Rights - Request forms site.