Data Protection Notice for “myBuildings portal”

Data protection information for the myBuildings and myBUSCH-JAEGER portals and associated apps

Busch-Jaeger Elektro GmbH takes the protection of your personal data very seriously and complies with the applicable data protection laws, which is why you are provided with the following information about our processing of your personal data and your rights under the General Data Protection Regulation (EU GDPR No. 2016/679, hereinafter "GDPR").

Busch-Jaeger Elektro GmbH is a member company of the German ABB AG, and thus part of the global ABB Group. If your personal data is to be processed by other companies of the German ABB Group, the ABB AG data protection information applies to this data processing, which you can find at https://new.abb.com/privacy-policy/ or https://new.abb.com/privacy-notice/.

Scope and links to external websites of third parties

This data protection information refers to the use of our web-based myBuildings/myBUSCH-JAEGER portals (hereinafter also referred to in general terms as "portal" or "portals"), which are subject to mandatory registration before access, for the use of building automation products and related services, such as IT services, services and functions for building control (hereinafter referred to in general terms as "services"), building automation products and associated application software or applications for desktops and mobile devices (hereinafter also referred to in general terms as "apps"), which we make available to you on the basis of our terms and conditions for platform use and any other contractual provisions. This data protection information also applies to our ProService Portal app, which enables you to integrate service providers acting on your behalf into our portals or grant them access to your user account.

If you visit other websites of Busch-Jaeger Elektro GmbH, this may also involve the use of personal data that is not related to the myBuildings/myBUSCH-JAEGER portal and the processing of which is subject to our data protection information for websites, which you can find at https://www.busch-jaeger.de/datenschutz.

Please note that in order to provide you with optimum information, you will find links on our pages that refer to pages of third parties (e.g. those of our cooperation partners in connection with the use of products for building automation). Since these pages are the websites of other providers, we have no influence on their content and the data processing associated with your visit to the website; the respective provider is solely responsible for this. This data protection notice thus does not apply to the linked web pages of third parties.

Your personal data

As a matter of principle, we only process the personal data of our users to the extent necessary to provide a functioning website, to enable the user to be registered on our portals and to provide our associated services and the use of apps.

Controller of your personal data

The services in connection with our portals and associated apps are provided by Busch-Jaeger Elektro GmbH, Freisenbergstrasse 2, D-58513 Lüdenscheid, Federal Republic of Germany (also referred to below as "BJE", "we" or "us"). This company is referred to as the "controller" for your personal data within the meaning of Art. 4 (7) GDPR. This company controls how your personal data is used, in accordance with this data protection notice.

You can contact our data protection officer as follows:

ABB AG Group Data Protection Officer Kallstadter Str. 1 D-68309 Mannheim privacy@abb.com

What personal data is collected and how is it used?

Below, we describe the different aspects of processing personal data in connection with the registration and use of the portals, associated services and apps. Specifically:

  1. Registration on the portal (opening a user account)

    1.1. Description and scope of data processing, transfer to third parties

    A connection to the Internet is required to register for the portal. The following personal data is processed when the respective website is called up:

    • IP address of the device establishing the connection to the portal,

    • Date and time of connection establishment and logon,

    • Language and version of the browser software used,

    In order to use the services of the portal and to be able to connect a building automation product or device from us or third parties to your installation or system for building control via the portal, it is necessary to register and create a user account for unique identification so as to ensure that only you or persons authorised by you have access to it. Registration is only possible via the respective portal; with regard to access protection, products and devices for building control are linked to the portal by the user logging onto the respective app or web interface with a user name and password (certificate-based authentication). We process the personal data that we require from you for registration, in particular

    • the indication of the customer group (end customer or business customer),

    • the contact details (first and last name, valid e-mail address, country),

    • a user name and a password.

    At the time of registration, an IP address of the device establishing the connection to the portal, the date and time when the connection was established and when the registration took place are also logged.

    After entering the e-mail address, you will receive an e-mail from us asking you to confirm the address. In this way we can ensure that you have access to the specified mailbox. The password is not stored in plain text format, but as a so-called hash value.

    Data will not be passed on to third parties in connection with the registration.

    1.2. Purpose of the data processing and legal basis

    Registration of the user or opening of a user account is necessary for identification purposes, and is a prerequisite for the use of our services and activities in connection with the portal, the use of device automation products and devices, if applicable with the use of associated apps; accordingly, registration or opening a user account serves the purpose of carrying out pre-contractual measures as well as the performance and implementation of a contract to which you as a user are a party.

    The legal basis on for data processing is Art. 6 (1) (b) GDPR.

    1.3. Duration of data storage

    We store and use the data provided by you in connection with the registration for performance of a contract or contract processing or for carrying out pre-contractual measures. After full contract processing or deletion of your user account, your data will be blocked, respecting tax and commercial law retention periods, and deleted after these periods have expired unless you have expressly consented to further use of your data.

    1.4. Completion of data processing and deletion or correction of data

    As a user, you have the possibility to delete your user account at any time. You can also have the data stored about you in the course of registration corrected at any time. If the data is required for the performance of a contract or for carrying out pre-contractual measures, early deletion of the data is only possible if there are no contractual or legal obligations that prevent such deletion -- in particular tax and commercial law retention periods. In this case, your data will be archived for clarification of billing-relevant questions and for the legal retention periods.

  2. Registration, setup and use of the services and activities of the portal

    2.1. Description and scope of data processing, transfer to third parties

    2.1.1. Logon to the portal via Wi-Fi or with remote access

    When logging onto the portal, the following personal data of the use are processed [in addition to] the data collected under 1. in the course of registration:

    • Date and time of connection establishment and logon,

    • Date and time of the logon.

    The portal in question requires a connection to the Internet. When you log on via the website or an app, your device must connect to the portal. When accessing via Wi-Fi, your Wi-Fi status is transmitted (Wi-Fi connection information). For remote access or a remote connection, in addition to the IP address of the device establishing the connection and the time when the connection was established and terminated, the following are also logged: the certificate identifying the device calling the connection, the activated device automation products and the connected device. This information is also processed when you use alternative network connections to connect to the Internet, such as mobile phone networks or wireless networks (Bluetooth).

    Push notifications which are sent to the respective device and assigned to a user account are required for the use of apps (see also 2.1.3. (3)). These push notifications are provided in the as-delivered condition after installation or following configuration by the customer.

    This data is stored on our cloud and assigned to your user account.

    No data is transferred to third parties during logon, unless the customer integrates services of external service providers (third parties) on the portal or via the apps, to which data is transferred (e.g. when using voice services). Further information about this is provided below under point 2.1.3 et seq.

    2.1.2. Use of services and connection of building automation products (contract processing)

    Insofar as you are logged onto the portal and obtain services from us or another Group company of the German ABB AG in connection with building automation products (e.g. installation services for Busch-Jaeger building automation products), further personal data will be processed in order to implement these requested services. This includes in particular the address (street, town, country), information about the services/products, billing address, if necessary a different delivery address, as well as payment data in the case of services requiring payment (e.g. credit card, PayPal account or immediate bank transfer information).

    In this case, your data will be forwarded to the payment service providers selected by you for the purpose of carrying out the payment transaction. You can find our payment service providers in the following section. In addition, we use external service providers to provide services within the scope of contract processing. You can also find these in the following section.

    In addition, data is passed on within the Group companies of ABB AG, insofar as the data transfer is necessary for internal administrative purposes or to provide internal group services (e.g. for the central billing of services or building automation products that you use on the portal, as well as central administration of customer data).

    Your data is stored on our cloud and assigned to your user account.

    2.1.3. Addition of services and devices from external service providers by the customer in the portal

    (1) General

    It may be necessary to process further data for building automation products and services that we provide (e.g. Busch-Jaeger free@home System Access Point) or those from third parties to be connected via your user account in the portal or apps, and for communication with the devices that you connect as part of the installation (e.g. heating controllers, movement detectors, switches, cameras); this is because you have to connect these devices, activities and services via a user interface. You decide which devices, services and activities you will connect or link to the respective portal and about the permission for access. We provide interfaces that allow certain functions to be performed (e.g. voice control).

    This applies in particular when using apps which require a link to be established or a connection to be activated in order for the services or functions to be operated, and for necessary access permissions to be granted for the mobile device (e.g. access to Wi-Fi or mobile data, camera, files).

    You alone are responsible for the connection or configuration and granting of permissions, as well as the associated data processing by us and, if necessary, data transfer to third parties.

    When third-party devices are connected, it may be necessary for you additionally to register on a portal and you may also have to set the connection to the portal so that data can be exchanged between the systems. Depending on the provider, it may therefore be necessary for you to either authenticate yourself to us when connecting by entering the access data for the portal to the device provider's cloud or, vice versa, to authenticate yourself in the provider's portal with your logon data so that an exchange of information is possible. This exchange may require personal data to be transferred, for example an exchange of room temperature data between us and the device provider's platform to enable the values of the product to be displayed correctly or at the device provider.

    You can deactivate the connection at any time in the settings of your device or user account.

    The data collected in this way is collected with your consent — with reference to this data protection information — and stored on our cloud and assigned to your user account.

    (2) Use of the services and functions of the portals

    Specifically, the following data is processed by us on the portal side in particular — depending on the range of functions of the systems for building security and the configuration, connected services and building automation products defined by you:

    • Configuration data and other device data that you have configured in your user account (e.g. serial number, controller specifications, software versions of the individual components),

    • Status data of the building security systems (e.g. sensor readings, system time, timer program information, status/error messages of the devices),

    • Notification settings,

    • Any user-defined names of the main location and rooms

    • Location data (e.g. to retrieve weather and time information)

    • The lock code of your keypad, if it has one and if there is a keypad connected,

    • Still image and video recordings ("external station snapshots") of a camera mounted by the user in or on the building (when using the ABB/Busch Welcome or Welcome IP door communication system),

    • History data of the building security systems,

    • Usage data (e.g. frequency of use, registered crashes, hardware/software errors).

    The data obtained in this way is stored on our cloud and assigned to your user account.

    (3) Use of additional services

    When using additional services, SMS messages and push notifications as well as e-mail messages, the following data is processed with your consent in addition to logging the IP address of the calling device (depending on the service):

    • Time of sending,

    • Status of sending,

    • Push API key,

    • Number of sent SMS or push messages,

    • Recipient (mobile phone number or e-mail address),

    • Content of the message.

    When using remote additional services, the actions created by you and the data points of your devices to be controlled are additionally stored for the use of incoming actions/commands from the system (e.g. setting of light, heating). In addition, we store the operating pages ("views") created by you as well as the data points of your terminal devices to be controlled. The stored data results from the respective input screens.

    You can deactivate the additional services at any time in the settings of your device or user account.

    The data obtained in this way is stored on our cloud — with your approval — and assigned to your user account.

    (4) Use of language services (third-party providers)

    If you use voice control for your devices or building automation products, when using voice services from third parties (e.g. Amazon Alexa ~~or Google Home~~ or Google Assistant), the following data is passed to the respective device provider during the integration or connection of this service via the portals; this data is used for the purpose of directing the devices to the respective service provider, based on the configuration you have made:

    • OAuth token,

    • Serial number/ID of the devices/programs/system variables to be controlled,

    • Datapoints of the devices,

    • Names of the devices/programs/system variables,

    • Status of the devices/system variables.

    Data is transferred to the service providers with your consent — with reference to this data protection information. For further information on data protection, please contact the particular service provider responsible for the legality of the data processing. We have no influence on the data protection regulations of the provider in question. Depending on the provider, this can also involve data transfer to third countries outside the EU/EEA (e.g. to Google's server in the USA).

    (5) Access to your user account via the ProService Portal

    If you allow access to your user account by an external service provider or third party (e.g. installation companies) or by us (e.g. due to a support request via one of our ABB companies), they or us, as the case may be, can log in as an authorised administrator via the ProService Portal with your consent for access and access control purposes. The respective service provider receives the following data on the basis of the configuration you have made:

    • Name and first name,

    • E-mail address,

    • Serial number/ID of the devices/programs/system variables to be controlled,

    • Datapoints of the devices,

    • Names of the devices/programs/system variables,

    • Status of the devices/system variables,

    • Firmware,

    • Apps (e.g. remote access, Amazon Alexa, Home Appliances)

    • Enabling of remote maintenance for access to the customer system

      If you have commissioned external service providers or third parties, you will receive further information on data protection from the particular service provider to whom you grant access and access rights and who is responsible for the legality of the data processing. We have no influence on the data protection regulations of the provider in question.

    2.1.4. Using the camera functions to display images or videos

    If you use the camera function (e.g. in the ABB-Welcome door communication system) of devices via remote access (e.g. via an app) in connection with the portal for the purpose of storing image data on our portals and integrate these services, the access data you have specified (e-mail address and password) will be stored locally in the portal.

    The data collected in this way is collected with your consent — with reference to this data protection information — and, if applicable, stored on our cloud and assigned to your user account. You can deactivate the forwarding of data at any time in the settings of your device or user account.

    This data will not be passed on to third parties — outside the group companies of the German ABB AG.

    2.1.5. Creation of special user profiles (suggestion function)

    If we offer automated suggestion functions for energy optimisation or comfort functions for other optimised use of the respective devices or systems for building control and you use them and you also activate these extended functionalities and services of a portal, providing them can also require that we make appropriate access the user's device, consumption and usage data stored pseudonymously — restricted to the respective free@home systems — and that we analyse this data and then create a specific usage profile, where appropriate. In this case, the user will be informed separately and his/her consent to the processing of the personal data used in this regard — with reference to this data protection information — will be obtained.

    The data obtained with your approval is stored on our cloud and assigned to your user account.

    This data will not be passed on to third parties — outside the group companies of the German ABB AG.

    2.1.6. Evaluation of usage data for technical improvement

    The data obtained by us in the course of registration, logon and use of our services and activities and about the configuration of device or building automation products is processed to detect technical faults and software errors for trouble-free and user-friendly design. The technical information transferred in this context includes:

    • Device class,

    • Firmware version,

    • Version of the operating software,

    • Memory capacity utilisation,

    • CPU capacity utilisation,

    • Error data (referred to as logfiles).

    • Type and number of linked systems (e.g. Philips Hue, Sonos)

    • Type and number of linked mobile devices

    • Set national language

    • Installation location (country)

    • Device settings (parameters)

      The data obtained in this way is stored on our cloud and assigned to your user account.

      Your usage behaviour is only ever evaluated anonymously. Consequently, user statistics are not merged with other personal data, unless this would be indispensable in order to provide certain extended functionalities and services of the portal chosen by the user.

      This data will not be passed on to third parties — outside the group companies of the German ABB AG.

    2.2 Purpose of the data processing and legal basis

    The data collected during the logon for use of the services and functions of the myBuildings portal as well as the integration of building automation products and systems for building control and, if applicable, via apps is required by us in order to be able to provide our services and activities, to improve our services, to compile anonymous statistics and to check compliance with the contractual provisions (in particular, the contractual use and the prohibition on the use of portals by robots).

    The data is used for the performance and administration of a contract to which you as a user are a party or for carrying out pre-contractual measures as well as for our legitimate interests. The legal basis on for data processing is Art. 6 (1) (b) GDPR as well as Art. 6 (1) (f) GDPR.

    If you access your user account and the associated devices and services outside your home network, it will be necessary to establish secure communication between your device and our portal. This is accompanied by data processing which is necessary to examine the legitimation for access to the user account and the performance of a contract in connection with the services of the portal in question and the building automation products and systems for building control, for the purposes of authentication, or else this is done with your consent. The legal basis for data processing is your consent pursuant to Art. 6 (1) (a) GDPR (consent) or Art. 6 (1) (b) GDPR (performance of a contract), insofar as the data is processed for the performance of a contract.

    Furthermore, we process personal data concerning you beyond the actual fulfilment of the terms of use and performance of contracts in order to optimise our services and activities in connection with the portal and related apps. Moreover, we use your personal data in an anonymised form as part of creating usage profiles in order to evaluate the general interest in the offer provided by our portal, as well as to tailor the offer according to demand, to enable the customer to use appropriate usage recommendations and corresponding individualised advertising for current goods and services from our portfolio as well as within the context of device monitoring. The legal bases for creating and using pseudonymised usage profiles to evaluate user behaviour and pseudonymised monitoring is Art. 6 (1) (b) GDPR (performance of a contract) and Art. 6 (1) (f) GDPR (legitimate interests pursued by us in user-friendly design).

    Insofar as data is transferred within the ABB AG Group companies, the legal basis is Art. 6 (1) (f) GDPR, namely our legitimate interest in the processing of personal data in connection with portals for internal administrative purposes and for the provision of services within the Group.

    Insofar as the user activates the extended functions and services of the portal and third-party services via the user's configuration or activates connection of the devices as well as the functions of SMS and push notification, etc., and integrates camera functions and voice control components, and gives his consent to this, the legal basis is Art. 6 (1) (a) GDPR (consent).

    Due to legal requirements (Art. 6 (1) (c) GDPR) or in the public interest (Art. 6 (1) (e) GDPR), data processing beyond this scope may also be legally permitted, for example on the basis of our tax control and reporting obligations, cooperation obligations in case of audits by authorities and compliance with the legal retention periods. Furthermore, the disclosure of personal data within the scope of official or judicial measures may become necessary for the purposes of taking evidence, prosecution or enforcement of civil claims.

    2.3 Duration of data storage

    The data will only ever be stored for as long as it is necessary to provide our services and activities, or for performance of a contract, or for contract processing, or for carrying out pre-contractual measures.

    The user can manage the data regarding the connection or configuration of devices and services in his/her user account and delete the data individually if necessary (e.g. still camera images that are no longer required). Equally, the user can terminate the connection of individual devices or services as a whole; the relevant data stored for a single building control system will be deleted by us within thirty (30) days thereafter.

    After full contract processing or deletion of your user account, your data will be blocked, respecting tax and commercial law retention periods, and deleted after these periods have expired unless you have expressly consented to further use of your data.

    2.4 Possibility of objection, termination of individual data processing operations, and deletion and correction of individual data

    You can remove the connection of individual building automation products or devices or (additional) third-party services in the portal at any time by changing the configuration. The user can manage this data in his/her user account and delete the data individually if necessary (e.g. still camera images that are no longer required). Equally, the user can terminate the connection of individual devices or services with the activities as a whole; the relevant data stored for an individual building control product will be deleted by us immediately thereafter.

    Insofar as the user has the right to object to the use of certain data (e.g. the pseudonymised evaluation of his/her user behaviour), he/she can contact us for this purpose via https://my.privacy.abb.com/ or use the contact details given in the imprint.

    If data is required for the performance of a contract or for carrying out pre-contractual measures, early deletion of the data is only possible if there are no contractual or legal obligations that prevent such deletion — in particular tax and commercial law retention periods.

    2.5. Withdrawal of data protection consents

    You can withdraw your consent at any time with effect for the future (see also below under Your rights). Insofar as the user activates the extended functions and services of the portal and third-party services via the user's configuration or activates connection of the devices as well as the functions of SMS and push notification, for example, and uses integrates camera functions and voice control components, the user can deactivate these at any time via his/her user account in the particular portal. In the portal, the user can use the function provided for this purpose (generally speaking, this is a button), thereby declaring that he/she withdraws a consent that was granted. In addition to this, and insofar as as there is no button for withdrawing a consent, the user can contact us at any time via https://my.privacy.abb.com/ or by using the contact data given in the imprint and declare his/her withdrawal of consent.

    When connecting third-party services and granting access authorisations, in particular via the ProService Portal, the user can block data transmission on his/her device or mobile device and/or in his/her building control system, thus preventing and withdrawing a consent, by changing the settings.

    It should be noted that, due to the withdrawal of consent for data processing, certain functions and services or building automation products and devices can no longer be used, especially from third-party providers.

  3. Use of the backup functions of the cloud

    3.1. Description and scope of data processing and transfer of the data to third parties

    If you as a user of the portal make use of our backup service, the data is stored and saved in the cloud of our hosting service provider Microsoft Corporation (Azure location Europe, North). The following data is saved when the backup is created:

    • Access data to the user account,

    • Configuration data and other device data that you have configured in your user account (e.g. serial number, controller specifications, software versions of the individual components),

    • Status data of the free@home systems (e.g. sensor readings, system time, timer program information, status/error messages of the devices),

    • Notification settings,

    • Any user-defined names of the main location and rooms

    • Location data (e.g. to retrieve the location of a device or weather information, or to detect arrival),

    • The lock code of your keypad, if it has one and if there is a keypad connected,

    • Still image recordings ("external station snapshots") of a camera mounted by the user in or on the building (when using the ABB/Busch Welcome door communication system),

    • History data of the building control system,

    • Usage data (e.g. frequency of use, registered crashes, hardware/software errors, operating hours).

    This data will not be passed on to third parties — outside the group companies of the German ABB AG.

    3.2. Purpose of the data processing and legal basis

    The backup service (contractual service) is carried out for the purpose of fail-safe storage of important data and settings to restore the last status of the customer's configurations in his/her building control system The legal basis on for data processing is Art. 6 (1) (1) (b) GDPR (performance of a contract).

    3.3. Duration of data storage

    The data will only ever be stored for as long as it is necessary to provide our services and activities, or for performance of a contract, or for contract processing, or for carrying out pre-contractual measures.

    After contract processing has been completed, your data will be deleted by us within thirty (30) days unless tax and commercial law retention periods conflict with this and unless you have expressly consented to further use of your data.

    Who receives your personal data for processing and where your personal data will be processed

    As part of the global ABB Group, we have business relationships with affiliated companies and external service providers, both within and outside the European Economic Area (EEA), which may process personal data concerning you for the purposes described in this data protection declaration. This may also apply to countries in which data protection is not comparable to that of the European Union (EU).

    Within our global Group of companies, however, we ensure a high level of data protection through binding and Group-wide data protection regulations in order to protect your personal data. In particular, within the ABB Group, only those departments receive your personal data that need access to it in order to provide you with the services and apps in this regard, and consequently to fulfil our contractual and legal obligations in accordance with the terms of use agreed with you and other contracts. A list of ABB companies can be found on the ABB website (new.abb.com/contact-centers).

    Moreover, we will only transfer your personal data to our external service providers (processor within the meaning of Art. 28 GDPR) and have it processed by these service providers if there is sufficient assurance that such service providers comply with the high data protection level of the GDPR. This is done in particular through the conclusion of standard contractual clauses of the EU Commission in accordance with Art. 46 (2) (c) GDPR (available at "http://eur-lex.europa.eu"). Below, you will find an overview of the external service providers which we currently use:

    Recipient name Recipient location Purpose Safeguards in place to protect your personal data
    Q:marketing AG Düsseldorfer Straße 193, 45481 Mülheim an der Ruhr, Deutschland Provides and develops functions and components of the portals - Data processing agreement according to Art. 28 (3) GDPR in place
    - Recipients' location is in the EU and the GDPR applies
    Devision Ltd. 1715 Sofia, Bulgaria 80A Aleksandar Malinov, 6th floor Provides and develops functions and components of the portals - Data processing agreement according to Art. 28 (3) GDPR in place
    - Recipients' location is in the EU and the GDPR applies
    Gonicus GmbH Möhnestraße 55, 59755 Arnsberg, Deutschland Application service provider for core portal components - Data processing agreement according to Art. 28 (3) GDPR in place
    - Recipients' location is in the EU and the GDPR applies
    Xxter B.V. WG-plein 459, 1054 SH Amsterdam, Niederlande Application service provider for Busch-Controltouch, Busch-Voicecontrol - Data processing agreement according to Art. 28 (3) GDPR in place
    - Recipients' location is in the EU and the GDPR applies
    Alexander Bürkle GmbH & Co. KG Robert-Bunsen-Str. 5, 79108 Freiburg, Deutschland Application service provider for Terminal configurator - Data processing agreement according to Art. 28 (3) GDPR in place
    - Recipients' location is in the EU and the GDPR applies
    Microsoft Corporation One Microsoft Way, Redmond, WA 98052-6399, USA Infrastructure provider for key portal components, Microsoft Azure infrastructure - Data processing agreement according to Art. 28 (3) GDPR in place
    - Standard Model Clauses agreed with the Recipient
    - Recipient is party to the Privacy Shield
    Infosys Limited Opernturm, Bockenheimer, Landstraße 2-4 , 60306 Frankfurt am Main Application service provider for tacteo configurator - Data processing agreement according to Art. 28 (3) GDPR in place
    - Recipients' location is in the EU and the GDPR applies
    BS PAYONE GmbH Lyoner Straße 9, D-60528 Frankfurt/Main, Deutschland Payment service provider for portal Checkout application - Data processing agreement according to Art. 28 (3) GDPR in place
    - Recipients' location is in the EU and the GDPR applies


    Apart from that, we will only transfer your personal data to external parties if you have expressly consented to it. This concerns cooperation partners who, in connection with the use of the services and apps, offer their own services which are independent of us (e.g. when connecting third-party devices). We have no influence on the data processing of these service providers. Please refer to the data protection information from the respective service provider.

    In certain cases we are legally obliged to pass on personal data concerning you to third parties. Recipients of personal data under these conditions may include: public authorities and institutions (e.g. tax authorities, criminal prosecution authorities, social insurance) in the event of legal or administrative proceedings; insolvency administrators or creditors requesting enforcement and auditors in connection with annual audits.

    How long we process and store your personal data

    We process and store your personal data as long as this is necessary for the aforementioned processing purposes, unless you object to the use of your personal data, providing there is a legitimate interest forming the legal basis for its processing (Art. 6 (1) (f)) GDPR), or until you withdraw your consent that was granted according to Art. 6 (1) (a) GDPR (Art. 7 (2) (3) of the German Act against Unfair Competition (UWG)).

    In relation to the processing purposes mentioned in this data protection information, we process and store your personal data as long as this is necessary to provide you with the portal services and software solutions and consequently to fulfil our contractual and legal obligations with respect to the terms of use agreed upon between you and us, and other contracts relating to the services of the myBuildings portal and myBuildings apps as well as building automation products. In the above sections on data processing, we have given you additional information on the duration of the particular data processing.

    Your personal data will be deleted as soon as the purposes of processing described above no longer apply. Beyond the achievement of this purpose, your personal data can nevertheless be stored as far as we are obliged do so due to associated legal regulations. In this case, the processing of your personal data is restricted and it will be deleted after the respective legal obligation (e.g. commercial and tax storage obligations) has ceased to apply or has been fulfilled.

    Encryption of data during transmission

    Information transmitted over the Internet from and to the portal is encrypted using TLS. Basic mechanisms of connected devices (apps, gateways) are used for server authentication and TLS encryption. The particular building security system is integrated into your home network via TCP/IP (Ethernet or Wi-Fi). The systems located in the home network are then addressed either directly, via third-party gateways or other systems. The user profile, the configuration and switching states that you have are synchronised with the cloud servers. Communication is done via TLS connections.

    How we use cookies within the portal

    We use cookies in the course of using the myBuildings portal and the myBuildings app. Cookies are small text files stored on your computer and saved by your browser. They are intended to make our offer more user-friendly, more efficient, and more secure, which means they are technically necessary. Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Cookies do not damage your computer and contain no viruses. You have the possibility to deactivate this function in your browser or to set it in such a way that you can determine whether a cookie should be accepted in individual cases or not. In this case, however, limitations in the operability of our website may result.

    The legal basis for the data processing is Art. 6 (1) (1) (f) GDPR. We do not communicate this personal data to third parties.

    Your rights with regards to your personal data

    If you have questions about data protection, complaints about our handling of your personal data or if you wish to exercise the rights of data subjects listed below, you can contact us at https://my.privacy.abb.com/ or send your request directly to our data protection officer. If our reply is not satisfactory or if you believe that we are processing your personal data unlawfully, you can also contact the competent data protection authority of the country in which you live, work or in which you believe the data protection breach to have occurred, in accordance with your right to lodge a complaint under Art. 77 GDPR.

    1. Right of access to your personal data

      You have the right to request information from us at any time (by request submitted in text form) and receive information within the scope of Art. 15 GDPR about your personal data that is processed and stored by us, its origin and the purpose of its processing and storage. This right is limited by the exceptions of Art. 34 of the German Federal Data Protection Act (BDSG), according to which there is no right to information in particular if the data is stored only on the basis of statutory storage regulations or for data backup and data protection control, if providing the information would require a disproportionate amount of effort, and if misuse of the data processing is prevented by appropriate technical and organisational measures, unless this right of information is limited under certain circumstances in accordance with statutory provisions.

    2. [Right to rectification of your personal data]

      Under Art. 16 GDPR, you have the right to demand that we immediately rectify any of your personal data, if such personal data is inaccurate, incorrect or incomplete.

    3. [Right to deletion of your personal data]

      You have the right, under the conditions set out in Art. 17 GDPR, to demand that we delete your personal data. These conditions apply in particular if a) the relevant purpose for processing has been accomplished or otherwise ceases to be relevant, b) we have processed your data unlawfully, c) you have withdrawn your consent without there being any other legal basis for continuation of the data processing, d) you successfully object to the data processing, or e) in cases where an obligation to delete exists on the basis of the law of the EU or of an EU member state to which we are subject. This right is subject to the restrictions of § 35 of the German Federal Data Protection Act (BDSG), according to which the right to deletion can be waived in particular if, in the case of non-automated data processing, a disproportionately significant amount of effort would be required for deletion and your interest in the deletion is to be regarded as low.

    4. [Right to restriction of processing of your personal data]

      In accordance with Art. 18 GDPR, you can demand from us that we only continue to process your personal data to a limited extent, for example only for specific purposes or only to a limited extent. This right exists in particular if a) the accuracy of the personal data is disputed, b) you request limited processing instead of deletion under the conditions of a justified request for deletion, c) the data is no longer required for the purposes that we were pursuing whereas you require the data to assert, exercise or defend legal claims, or d) the success of an objection is still disputed.

    5. [Right to portability of your personal data]

      In accordance with Art. 20 GDPR, you have the right to receive your personal data, which is processed by us, in a structured, commonly used and machine-readable format, as well as the right to request us to transfer your personal data to another controller.

    6. [Right to object]

      In accordance with Art. 21 GDPR, you have the right at any time to object, for reasons arising from your particular situation, to the processing of personal data concerning you which is being processed either in the public interest or to protect our legitimate interests. If you object, we will only process your personal data further if we can prove compelling reasons for processing that outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.

    7. [Right to withdraw a data protection consent]

      You have the right to withdraw your declaration of consent to the processing of personal data at any time (Art. 7 (3) GDPR). Withdrawal of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until it was withdrawn. For this purpose, you as a user can use the corresponding function provided in your user account (generally speaking, this is a button), submit the withdrawal of consent via https://new.abb.com/privacy or contact the relevant address given in the imprint.

    Changes to this data protection notice

    Please note that this data protection notice may change from time to time. We assume that most of these changes are minor, but there may be more significant changes. Please therefore carefully check and note the current version of our data protection notice.