Privacy Notice

ASSA ABLOY is committed to protecting your personal data. This privacy notice describes:
the types of personal data we collect from you in connection with this digital service;
how we use that information and why;
who we share it with and where;
how long we store it for;
your rights, including how you can contact us if you have additional questions about the processing of your personal data; and
how we can make changes to this notice.

Your personal data

Nergeco - 8 rue de l’Industrie 43220 Dunières – Siret 320 167 513 00045, as "data controller" is responsible for the processing of your personal data.

1. What personal data we collect

We collect and store:
• When you request information from us: your name, address, email and/or telephone number which you submit in order to obtain information from us.
• When you order from us: your contact and delivery details as well as any other information required to verify and fulfil the order. This also includes financial information that you submit to us.
• When you visit our digital services and websites: your browsing behaviour on the site, such as pages visited and the time spent on each page.

2. Use of your personal data

Why do we process this personal data, and what is the legal basis for such processing?
To provide you with the information you request.
Using your personal data in this way is necessary for us to respond to your request, which is our legitimate interest.

To set up and manage your account, for example by sending you password reminders or notifications of changes to your account details.
Using your personal data in this way is necessary for us to provide you with an online account which is our legitimate interest.

To fulfil your order where you have made a purchase from this digital service, to contact you about sales and as a part of our customer relation procedures.
Using your personal data in this way is necessary for us to perform our contractual obligations where you have placed an order on this digital service.

To keep your payments safe and secure and protect the security of our website.
It is in our legitimate interests to process personal data to keep our customers' payments secure, prevent fraud and protect our digital services from cyber-attacks.

To carry out statistical analysis about the use of the website to better understand how our website is used and make improvements.
It is in our legitimate interest to look at this information to understand how our website is being used and manage and improve it. Since no sensitive personal data will be processed and the processing is limited, we have concluded that our legitimate interest to conduct the improvements and analysis takes precedence over your privacy interest.

To better understand your interests and preferences, in order to provide you with an experience that is tailored to those interests and preferences.
It is in our legitimate interest to look at the preferences that we derive from your browsing behaviour and purchases so that we can personalise content to better meet your needs as a customer, provided this is in line with your marketing choices.

To comply with legal requirements to which we are subject, such as tax or financial reporting requirements.
Using your personal data in this way is necessary for us to comply with our legal obligations.

To send you communications about relevant solutions, products and services which may be of interest, in accordance with your marketing preferences.
We will only send you marketing materials where we have your consent or where we have a legitimate interest to keep you updated.

3. Transfer of your personal data

We may transfer your personal data for the purposes set out above:
• To Entrematic Group AB of Lodjursgatan 10, Landskrona, Sweden, or to other companies within the ASSA ABLOY group if your request can not be satisfied by ourselves or to offer you complementary products
• To third parties who provide services connected to this digital service or its functions, but only to the extent necessary to provide these services. For example: our digital marketing agency, our hosting provider, our customer support teams and the developers of this digital service.
• When required by law.
• To a buyer or a potential future buyer of our business.

Personal data of nationals of EU member countries / European Economic Area may only be sent to recipients in EU / EEA countries. Only data from nationals of non-EU / EEA countries may be transmitted outside the EU / EEA.
As in some cases these countries have a lower level of protection than that within the EU/EEA, when transferring personal data to countries outside the EU/EEA we use standard contractual clauses approved by the European Commission to ensure a sufficient level of protection for your personal data. These standard contractual clauses can be found via the following link: http ://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm.
We take measures to protect all personal data transferred to a third party, or to other countries, in accordance with applicable data protection laws and as stated above.
For how long will we store your personal data?
We store personal data for as long as necessary to fulfil the purpose for which the data has been collected. This means that we delete your personal data when such data is no longer necessary to process a request or an order, or to manage your account, your marketing preferences or our relationship. Statistics which have been anonymised may be saved for longer.
Type of data stored and how long is it stored?
Contact information you provide, such as your name, email address, region/country and company name.
Deleted 12 months after becoming inactive or after three email bounces.

Your responses in surveys that you participate in.
Deleted 12 months after the end of the survey period. Aggregate data that can’t be tied to an individual may be stored longer.

Marketing preferences such as opt-in or opt-out to receive information and newsletters through email.
Indefinitely, as it is a legal requirement to respect your preferences.

Information related to our business relationship, such as data in orders and quotes, requirements that you provide us with and delivery information.
For the duration of our business relationship and 18 months thereafter. Data may be stored longer when we are legally required to do so.

4. Your rights

In relation to the personal data that we hold about you, you have the right to:
• Request a copy of your personal data from our records ;
• Ask that we correct or erase your personal data (though this may mean that we cannot process requests or orders, or that your account expires);
• Ask us to stop processing your personal data (for example as regards the use of the data to improve our website), or restrict how we process it (for example if you deem the data to be incorrect);
• Request the personal data used to provide you with information you requested, process an order, or manage your account or our relationship in a machine-readable format, which you are entitled to transfer to another data controller; and
• Withdraw your consent to us processing your data for marketing purposes at any time.

Requests to exercise your rights should be addressed to our Data Protection Manager, Denis Roche, by mail at Nergeco 8 rue de l’Industrie 43220 Dunières or by e-mail dpm@nergeco.fr.

f you have a complaint regarding our processing of your personal data you are entitled to report this to the supervisory authority where you live or work.

Changes to this privacy notice

We may update this privacy notice from time to time in response to changing legal, regulatory or operational requirements. We will notify users of any such changes (including when they will take effect). The latest version of our privacy notice is available through our website.
Your continued use of the digital service after any such updates take effect will constitute acceptance of those changes. If you do not accept any updates to this privacy notice, you should stop using this digital service.