Data Protection Notice for "MyBuildings portal"

Busch-Jaeger Elektro GmbH takes the protection of your personal data very seriously and complies with the applicable data protection laws, which is why you are provided with the following information about our processing of your personal data and your rights under the General Data Protection Regulation (EU GDPR No. 2016/679, hereinafter “GDPR”).


Your personal data

This data protection notice applies to personal data that you, as a user of the Online Services in the MyBuildings portal (hereinafter also generally referred to as "MyBuildings portal"), make available to us for the use of MyBuildings portal within the scope of the Terms of Use.


Controller of your personal data

Busch-Jaeger Elektro GmbH, Freisenbergerstraße 2, D-58513 Lüdenscheid, Federal Republic of Germany (subsequently also referred to as “BJE”, “we” or “us”) will be what is known as the “Controller” of your personal data in the sense of Art. 4 Nr. 7 of the GDPR – this company controls how your personal data is used, in accordance with this notice.

You can contact our data protection officer as follows:

ABB AG
Christian Ley
Konzerndatenschutzbeauftragter
ABB Deutschland
Kallstadter Str. 1
68309 Mannheim
christian.ley@de.abb.com


What kind of personal data we require from you

Within the scope of use of MyBuildings portal we only process your personal data which we receive from you as part of your registration to the MyBuildings –, such as registration data, contact data (including name, email, username, password, country, language and customer type), or data added in connection with the services used, such as bank data, mailing address, credit card data as well as data of devices which have been allocated to your user account. You can also download mobile apps directly to your mobile device and connect them for the use of the online Services via MyBuildings portal. In these cases, personal data will only be processed via and/or within the MyBuildings portal as follows:

When you create an account in the MyBuildings portal, we might collect the following personal data:
- Name - Email - Username - Password (hashed) - Country - Language - Customer type (professional or end customer)

If you want to use remote access within MyBuildings portal, we might collect personal data and information about your devices (mobile device and system device establishing an internet connection), which you want to connect to my Buildings, such as:
- Cookies/tokens – to establish a secure connection from the customers mobile device to his system at home - Configuration data of system devices - Mobile device ID - Outdoor station snap shots, if using the ABB-Welcome door communication system. - Snap shots can be displayed in the Welcome app and the internet portal.

If you want to become a ABB-free@home customer, you can do so by accepting a remote access subscription on a monthly basis according to the actual subscription fees. When using the ABB-free@home remote access subscription we might collect the following additional personal data:
- Address - To create and send an invoice - Bank details - Credit card – anonymized, only first four digits are visible.

Further use of your personal data on MyBuildings portal
During each process of use of MyBuildings portal, events will be logged, such as which user or which device has accessed the system when and for how long, or which services were used. These data will also be made available to you in the form of a history. The retention time for these types of events is three months. Apart from this, our use of these data occurs solely in anonymous form for statistical purposes.

Logging data on MyBuildings portal
When accessing MyBuilding portal on our website, your browser automatically sends data to our web server for technical reasons. In the process, this data consists of the date and time of access, URL of the referring Website, file called, volume of the transmitted data, browser type and version, operating system, and your IP address. This data is evaluated for statistical purposes and then deleted.

Use of external links
In order to provide you with optimum information, our pages contain links that refer to the pages of third parties. Since these pages are the websites of other providers, we have no influence on their content, for which the respective provider is solely responsible. This data protection notice thus does not apply to the linked pages of third parties.


Why we need this personal data

We process your personal data in order to technically enable you to use the services and functions of MyBuildings portal and, if necessary, to determine your identity, to authenticate users and, if necessary, to enforce, assert or defend against legal claims and to prevent fraudulent and similar actions, including attacks on our IT infrastructure. Within the scope of use of MyBuildings portal, you must provide your personal data required for the registration on and the technical functionality of MyBuildings portal and which are required for the fulfilment of the Terms of Use of MyBuildings portal or which we are legally obliged to collect. Without such personal data, we will not be able to provide you with the services of MyBuildings portal in line with the Terms of Use.


The legal basis on which we process your personal data

We process your personal data in accordance with the provisions of the EU Data Protection Ordinance (GDPR) and other relevant data protection laws, in particular on the basis of the following legal grounds of justification:

1) For the fulfilment of contractual obligations (pursuant to Art. 6 (1) b) GDPR): The processing of your personal data is based on the fulfilment of our contractual obligations under the Terms of Use, meaning the license agreement with you regarding the MyBuildings portal services and functions.

2) Due to legal requirements (pursuant to Art. 6 (1) c) GDPR) or in the public interest (pursuant to Art. 6 (1) e) GDPR): for example, on the basis of our tax control and reporting obligations, cooperation obligations in case of audits by authorities and compliance with the legal retention periods. Furthermore, the disclosure of personal data within the scope of official or judicial measures may become necessary for the purposes of taking evidence, prosecution or enforcement of civil law claims.

3) For our legitimate interests (pursuant to Art. 6 (1) f) GDPR): If necessary, we process your personal data beyond the actual fulfilment of the terms of Use to protect the legitimate interests of us or of third parties. This is done to protect the legitimate interests offering and operating MyBuildings portal in the best possible way and to optimize MyBuildings portal wherever possible. Further we use your personal data to evaluate the general interest in our offers at MyBuildings portal.

4) If we expressly request your consent to the processing of your personal data (e.g. for direct marketing), the legal basis for processing your personal data is the consent we will ask you to give to us pursuant to Art. 6 (1) a) GDPR.


Who receives your personal data for processing and where your personal data will be processed

As part of the global ABB Group, we have business relationships with affiliated companies and external service providers, both within and outside the European Economic Area (EEA). Due to that fact your personal data may also be made available for remote access in countries outside the EEA for the purposes described in this data protection declaration. This may also apply to countries in which the level of data protection is not comparable to that of the European Union (EU). We are committed to a high level of data protection within our group of companies. We will also only transfer your personal data to external service providers if there is sufficient assurance that such service providers comply with the high data protection level of the GDPR. This is done in particular through the conclusion of standard contractual clauses of the EU Commission in accordance with Art. 46 (2) c) GDPR (available at "http://eur-lex.europa.eu").

Within the ABB Group, only those departments receive your personal data that need access to it in order to provide you with the MyBuildings portal services and software solutions and consequently to fulfill our contractual and legal obligations with respect to the Terms of Use.

A list of ABB companies can be found on the ABB website (new.abb.com/contact-centers).

Furthermore, we share your personal data with the following external service providers for the following purposes in order to provide you with the MyBuildings portal services and software solutions:

Recipient name Recipient location Purpose Safeguards in place to protect your personal data
Q:marketing AG Düsseldorfer Straße 193, 45481 Mülheim an der Ruhr, GERMANY Provides, develops features, components of MyBuildings portal - Data Processing Agreement in place
- Recipients location is in the EU and the GDPR applies
Gonicus GmbH Möhnestraße 55, 59755 Arnsberg, GERMANY Application service provider for core MyBuildings portal components - Data Processing Agreement in place
- Recipients location is in the EU and the GDPR applies
Xxter B.V. WG-plein 459, 1054 SH Amsterdam, The Netherlands Application service provider for Busch- Controltouch, Busch-Voicecontrol - Data Processing Agreement in place
- Recipients location is in the EU and the GDPR applies
Alexander Bürkle GmbH & Co. KG Robert-Bunsen-Str. 5, 79108 Freiburg, GERMANY Application service provider for Terminal configurator - Data Processing Agreement in place
- Recipients location is in the EU and the GDPR applies
Microsoft Corporation One Microsoft Way, Redmond, WA 98052-6399, USA Infrastructure provider for core MyBuildings portal components - Data Processing Agreement in place
- Standard Model Clauses agreed with the Recipient
- recipient is party to the Privacy Shield
Infosys Limited Opernturm, Bockenheimer, Landstraße 2-4 , 60306 Frankfurt am Main Application service provider for tacteo configurator - Data Processing Agreement in place
- Recipients location is in the EU and the GDPR applies
BS PAYONE GmbH Lyoner Straße 9, D-60528 Frankfurt/Main, GERMANY Payment service provider for MyBuildings portal Checkout Application. - Data Processing Agreement in place
- Recipients location is in the EU and the GDPR applies


Apart from that, we will only transfer your personal data to external parties if this is required or permitted by law or if you have expressly consented to it.

Under these conditions, recipients of personal data may be, for example:


How long we process and store your personal data

We process and store your personal data as long as this is necessary to provide you with the MyBuildings portal services and software solutions and consequently to fulfill our contractual and legal obligations with respect to the Terms of Use agreed upon between you and us.

Your personal data will be deleted as soon as the purposes of processing described above no longer apply. Beyond the achievement of the purpose a storage of your personal data can nevertheless take place, as far as we are obliged to such storage due to legal regulations applying to it. In this case, the processing of your personal data is restricted and it will be deleted after the respective legal obligation (e.g. commercial and tax storage obligations) has ceased to apply or has been fulfilled.

In addition, we will keep your personal data for as long as necessary for further relevant processing purposes mentioned in this data protection notice. If you allow us to use your personal data for marketing purposes, we will keep the necessary personal data until you object to the data processing for marketing purposes or inform us that you no longer wish to receive marketing information. If we do not process your personal data for purposes other than marketing purposes, we will delete this data in conformity with data protection after receiving your objection.


Encryption of data during transmission

Information transmitted over the Internet from and to MyBuildings portal is encrypted using TLS. Basic mechanisms of connected devices (apps, gateways) are used for server authentication and TLS encryption.


How we use Cookies within MyBuildings portal

Cookies are small text files stored on your computer and saved by your browser. Our Internet pages hosting the MyBuildings portal online services and software solutions use cookies at several points. They are intended to make our offer more user-friendly, more efficient, and more secure. Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Cookies do not damage your computer and contain no viruses. You have the possibility to deactivate this function in your browser or to set it in such a way that you can determine whether a cookie should be accepted in individual cases or not. In this case, however, limitations in the operability of our website may result.


How we use Google Analytics within MyBuildings portal

Our Internet pages hosting the MyBuildings portal online services and software solutions use Google Analytics, a web analysis service of Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files that are stored on your computer and that allow an analysis of your use of the website to be made. The information generated by the cookie about your use of this website is normally transmitted to a Google server in the United States and stored there. If the IP anonymization has been activated on this Website, your IP address will be shortened beforehand by Google, but within the member states of the European Union or in other contracting states across the European economic area that are part of the treaty. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and shortened there. Under the authority of the operator of this website, Google will use this information to evaluate your use of this website, compile reports about the activities on the website, and render additional services for the operator of the website that are connected with the use of the website and the Internet. The IP address transmitted from your browser in connection with Google Analytics will not be merged by Google with other data. You can block the storage of cookies with the appropriate setting of your browser software; however, we would like to point out that in this case you will not be able to use the full scope of functions of this website. In addition, you can also block the recording of data generated by the cookie and your use of the website (including your IP address) and the processing of these data by Google, by downloading and installing the Browser plug-in.


Your rights with regards to your personal data

If you wish to exercise the following data protection rights, you can contact us at privacy@abb.com. You can also send complaints about our handling of your personal data directly to our data protection officer. If our response is unsatisfactory to you, or if you believe that we are processing your personal information not in accordance with the legal requirements, you may also contact the appropriate data protection authority in the country where you live, work or where you believe the breach occurred.

1) Right of access to your personal data

You have the right to request information about your personal data stored, their origin and the purpose of storage (Art. 15 GDPR), as far as such right of access is not restricted under certain circumstances according to legal regulations.

2) Right to rectification of your personal data

You have the right to request us to rectify any of your personal data, if such personal data is inaccurate, incorrect or incomplete (Art. 16 GDPR).

3) Right to deletion of your personal data

You have the right to request the deletion of your personal data processed by us (Art. 17 GDPR), insofar as deletion is not excluded under certain circumstances in accordance with legal regulations.

4) Right to restriction of processing of your personal data

You have the right to request us to process your personal data only to a limited extent, such as for limited purposes or within a limited scope of processing (Art. 18 GDPR).

5) Right to portability of your personal data

You have the right to receive your personal data, which is processed by us, in a structured, commonly used and machine-readable format and the right to request us to the transfer your personal data to another controller (Art. 20 GDPR).

6) Right to object

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, either in the public interest or to protect our legitimate interest. If you object, we will only process your personal data further if we can prove compelling reasons for processing that outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims. If you object to the processing of your personal data for marketing purposes, we will stop any processing of your personal data without further exceptions.


Changes to this data protection notice

Please note that this data protection notice may change from time to time. We assume that most of these changes are minor, but there may be more significant changes. Please therefore carefully check and note the current version of our data protection notice.