Privacy Notice Privacy notice Your personal data ASSA ABLOY is committed to protecting your personal data. This privacy notice describes: the types of personal data we collect from you in connection with this digital service; how we use that information and why; who we share it with and where; how long we store it for; your rights, including how you can contact us with questions about the processing of your data; and how we can make changes to this notice. Please click on the links above to navigate directly to the relevant section of this privacy notice. As a business established outside of the European Economic Area (EEA) ASSA ABLOY Americas division (ASSA ABLOY) is generally not required to comply with the EU General Data Protection Regulation (GDPR). Notwithstanding the absence of any legal requirement to do so, Baron is committed to voluntarily applying the high standards of data privacy set out in the GDPR across the Company and its Group. Baron of Woodbridge, Ontario Canada, as "data controller" is responsible for the processing of your personal data. What personal data we collect We collect and store: Why do we process this personal data? What is the basis for such processing? To provide you with the information you request. Using your personal data in this way is necessary for us to respond to your request, which is our legitimate interest. To set up and manage your account, for example by sending you password reminders or notifications of changes to your account details. Using your personal data in this way is necessary for us to provide you with an online account that is our legitimate interest. To fulfil your order where you have made a purchase from this digital service, to contact you about sales and as a part of our customer relation procedures. Using your personal data in this way is necessary for us to perform our contractual obligations where you have placed an order on this digital service. To take measures to keep your payments safe and secure and to protect the security of our website. It is in our legitimate interests to process personal data to take measures to keep our customers' payments secure, prevent fraud and protect our digital services from cyber-attacks. To carry out statistical analysis about the use of the website to better understand how our website is used and make improvements. It is in our legitimate interest to look at this information to understand how our website is being used and manage and improve it. Since no sensitive personal data will be processed and the processing is limited, we have concluded that our legitimate interest to conduct the improvements and analysis takes precedence over your privacy interest. To better understand your interests and preferences, in order to provide you with an experience that is tailored to those interests and preferences. It is in our legitimate interest to look at the preferences that we derive from your browsing behavior and purchases so that we can personalize content to better meet your needs as a customer, provided this is in line with your marketing choices. To comply with legal requirements to which we are subject, such as tax or financial reporting requirements. Using your personal data in this way is necessary for us to comply with our legal obligations. To send you communications about relevant solutions, products and services which may be of interest, in accordance with your marketing preferences. We will only send you marketing materials where we have your consent or where we have a legitimate interest to keep you updated. When you request information from us: your name, address, email and/or telephone number which you submit in order to obtain information from us. When you order from us: your contact and delivery details as well as any other information required to verify and fulfil the order. This also includes financial information that you submit to us. When you visit our digital services and websites: your browsing behavior on the site, such as pages visited and the time spent on each page. Use of your personal data Transfer of your personal data We may transfer your personal data for the purposes set out above: To other companies within the ASSA ABLOY Group. To third parties who provide services connected to this website or its functions and related services, but only to the extent necessary to provide these services. For example: our digital marketing agency, our hosting provider, our customer support teams and the developers of this digital service. When required by law. To a buyer or a potential future buyer of our business. Recipients may be located in many countries around the world, including countries outside the European Union (EU) and the European Economic Area (EEA). As in some cases, these countries have a lower level of protection than that within the EU/EEA, when transferring personal data subject to GDPR to countries outside the EU/EEA we use standard contractual clauses approved by the European Commission as a measure to provide a legally sufficient level of protection for your personal data. These standard contractual clauses may be found via the following link: https://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm. We take measures to protect all personal data transferred to a third party, or to other countries, in accordance with applicable data protection laws and as stated above. For how long will we store your personal data? Type of data stored How long is it stored? Contact information you provide, such as your name, email address, region/country and company name. Deleted 12 months after becoming inactive or after three email bounces. Your responses in surveys that you participate in. Deleted 12 months after the end of the survey period. Aggregate data that can’t be tied to an individual may be stored longer. Marketing preferences such as opt-in or opt-out to receive information and newsletters through email. Indefinitely, as it is a legal requirement to respect your preferences. Information related to our business relationship, such as data in orders and quotes, requirements that you provide us with and delivery information. For the duration of our business relationship and 18 months thereafter. Data may be stored longer when we are legally required to do so. We store personal data for as long as necessary to fulfil the purpose for which the data has been collected, unless we become subject to a separate legal obligation to retain the data longer, in which case we retain the data as long as required. This means that we delete your personal data when such data is no longer necessary to process a request or an order, or to manage your account, your marketing preferences or our relationship. Statistics which have been anonymized may be saved for longer. Your rights In relation to the personal data that we hold about you, and depending on applicable law, you may have the right to: Request a copy of your personal data from our records; Ask that we correct or erase your personal data (though this may mean that we cannot process requests or orders, or that your account expires); Ask us to stop processing your personal data (for example as regards the use of the data to improve our website), or restrict how we process it (for example if you deem the data to be incorrect); Request the personal data used to provide you with information you requested, process an order, or manage your account or our relationship in a machine-readable format, which you are entitled to transfer to another data controller; and Withdraw your consent to us processing your data for marketing purposes at any time. Notwithstanding any request that you may make to correct, erase, or cease processing of your data, we may nonetheless retain such data in its original format and without alteration where we are subject to a legal requirement to do so. Requests to exercise your rights should be addressed to “Attn.: ASSA ABLOY Data Protection Manager” at [ENTITY] or [CONTACT]. If you have a complaint regarding our processing of your personal data, depending on applicable law, you may be entitled to report this to a supervisory authority where you live or work. Alternatively you may send correspondence to: Privacy.Americas@assaabloy.com or Privacy Manager, ASSA ABLOY Americas, 110 Sargent Drive, New Haven, CT 06511. Changes to this Privacy Notice We may update this privacy notice from time to time in response to changing legal, regulatory or operational requirements. We will take appropriate and feasible steps to notify users of any such changes (including when they will take effect). The latest version of our Privacy Notice is available through our website. Your continued use of the digital service after any such updates take effect will constitute acceptance of those changes. If you do not accept any updates to this privacy notice, you should stop using this digital service.