ABB Community Privacy Notice

Updated: 2024-03-10

At ABB, respecting your data privacy rights is a top priority. This notice explains why and how we collect personal data about you, how we process such data, and what rights you have regarding your personal data.

Who controls your personal data

ABB will collect your personal data via ABB Community application. ABB refers to ABB Xiamen Smart Technology Co., Ltd at 4th Floor, No. 881, FangShanXiEr Road, Xiang’An Industrial Area, Torch Hi-Tech Industrial Development Zone, Xiamen.

In addition, the real property management company will also collect your personal data and share it with ABB when you choose to link your account at ABB Community application to a particular community managed by the real property management company.

For the purposes of applicable data protection law, ABB and the real property management company will jointly be the controllers of your data.

The personal data we collect about you and how we get it

We have obtained your personal data via ABB Community application.

We may collect the following categories of personal data in the following scenarios:

When you first register an account at ABB Community application,you must submit your personal telephone number and your account password to create an account. During or after registration, you may choose to input your personal information which include name, nickname, gender, date of birth and profile photo. These personal information are completely optional. Your use of ABB Community application will not be affected if these personal information are not provided.

When you choose to initiate a key request at ABB Community application,you must submit your personal telephone number, residence address, authority to house (i.e., house owner or non-house owner) and identification card/passport number (if required by the real property management company). We will send your personal information you submitted through ABB Community application to the real property management company or the house owner (if you are a non-house owner and choose to send your personal information to the house-owner for authentication). The real property management company or the house owner has the sole discretion to grant your key request. After the key request is granted through ABB Community application, you can use the following ways for door open: (i) remote door open, (ii) Bluetooth door open; and (iii) password/QR code door open.

After your key request is granted, if you optionally submit a face identification key request at ABB Community application, you will have to submit your personal telephone number, residence address, authority to house (i.e., house owner or non-house owner) and facial photo. We will collect your facial photo and facial recognition data. Your facial photo and facial recognition data will not be shared with the real property management company or any other third parties. Face identification key request is completely optional and your use of ABB Community application will not be affected if these personal information are not provided . If you do not choose to use this function, you can still use other available ways (e.g., remote door open, Bluetooth door open, password/QR code door open) for door open.

When you obtain an entry card from the real property management company, the real property management company will input your personal telephone number, residence address, authority to house and entry card number at property management platform and share such information with ABB through property management platform. ABB will sync such information in ABB Community application.

When you use one of the five ways for door open (i.e., remote door open, Bluetooth door open, password/QR code door open, entry card door open and face ID door open), the device outdoor station operated by the real property management company will capture your door open record and share such record with ABB. The door open record includes the door open time together with your personal telephone number, residence address and authority to house. If you choose face ID door open, the record also includes a photo captured by the device outdoor station at the entry. The purpose is to verify such photo against your facial recognition data previously uploaded during face identification key request process.

When you or a visitor invited by you use video call at door entry, the device outdoor station will connect the call to your ABB Community application or Guard Unit operated by the real property management company. After the call, the device outdoor station will capture a video call screenshot and share such screenshot with ABB.

As noted in the above scenarios, we may collect your personal sensitive data or obtain your personal sensitive data from the real property management company, which include:

Residence address - if you choose to initiate a key request at ABB Community application, or additionally choose to initiate a face identification key request at ABB Community application, or use one of the five ways for door open, we will collect your residence address or obtain your residence address from the real property management company.
Facial photo and facial recognition data - if you choose to optionally choose to initiate a face identification key request at ABB Community application, we will collect your facial photo and facial recognition data. We will not share your facial photo and facial recognition data with the real property management company or any other third parties. Face identification key request is completely optional. If you do not choose to use this function, you can still use other available ways (i.e., remote door open, Bluetooth door open, password/QR code door open) for door open.
Facial photo taken at entry - If you choose face ID door open, the device outdoor station operated by the real property management company will capture your door open record and share such record with ABB. The record includes a photo captured by the device outdoor station at the entry. The purpose is to verify such photo against your facial recognition data previously uploaded during face identification key request process. The door open record will be deleted after 30 days of the record creation.
Real-time location data - When you use the “Requesting access control key privileges” function in the ABB Community App, we will collect your geographical location data, so that we can show you a list of communities based on distance. In addition, when you use the ABB Community App for Android to use the "Open Door with Bluetooth" function, we need to collect your geographical location for Bluetooth searches. You may at any time turn off the authorization for geographical location data and refuse to provide such information, without affecting your use of our other services.

If information you provided includes personal data of family members or other persons, you agree and warrant to notify these individuals of this Privacy Notice and obtain separate consent from these individuals, whenever required under the applicable laws, prior to the submission of such personal data to ABB. By consenting to this Privacy Notice, you confirm that explicit consent has been obtained from the relevant individuals.

Minor: We do not collect personal information of minor children under 14 years old. Please do not provide personal information of minor children under 14 years old to us. You agree and warrant that the information you provided does not include personal information of minor children under 14 years old.

What we use your personal data for

The personal data we collect is used for the following purposes:

provide and administer ABB Community and Door Entry Control Function.
create and manage your app account
provide better user experience when you use our applications and services
provide notices in connection with app upgrade and security
comply with applicable legal requirements

We only collect the personal data from you that we need for the above purposes. We may also anonymize your personal data, so it no longer identifies you and use it for various purposes, including the improvement of our services and testing our IT systems.

The legal basis on which we use your personal data

We follow the principles of lawfulness, legitimacy, necessity and good faith to process your personal data, and we use your personal data for the purposes described in this Notice based on one of the following legal bases, as applicable:

We process your personal data on the basis of legal requirements, to fulfill our legal obligations resulting from the Personal Information Protection Law of the People's Republic of China and the regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and similar privacy and data protection laws (such as the UK General Data Protection Regulation, the California Consumer Privacy Act, the Swiss Data Protection Act, the Singapore Personal Data Protection Act, the Thai Personal Data Protection Act etc.) relevant for the company, to which the request has been submitted, as well as legal obligations associated with the provision of services or which we are required by law to collect and process (mainly based on PRC and GDPR applicable laws and regulations).
We primarily collect and process your personal data to fulfil and perform our services provided to you. As part of our services, we need to process your personal data which are required by us to perform the services.
Your consent: we may occasionally ask you for specific and separate permission to process some of your personal data (in particular, the sensitive personal data) if other legal bases are not appliable, and we will only process your personal information in this way if you agree for us doing so.

How we share your personal data

We only share your personal data with third parties as necessary for the purposes described in this notice:

Potential or actual acquirers of ABB businesses or assets for the evaluation of the business or assets in question or for the purposes described in this privacy notice.
Recipients as required by applicable law or legal process, to law enforcement or government authorities, etc. where required by applicable law or a legitimate request by government authorities, or a valid legal requirement.

Where we share your personal data with an affiliate or third party so that it is transferred to or becomes accessible from outside the European Union (“EU”) and the European Economic Area ("EEA") or outside the country where the ABB company that controls your data is located, we always put adequate safeguards in place to protect your personal data. Examples of these safeguards are an adequacy decision of the European Commission or Standard Contractual Clauses. We have taken additional measures for the transfer of data from within to outside the EU, EEA and outside the country where the ABB company that controls your data is located to protect your personal data. If you would like an overview of the safeguards which are in place, please submit a request at www.abb.com/privacy.

Mobile function and list of SDK

ABB Community application will use relevant mobile function to access certain permissions of your device and SDK in order to provide Door Entry Control Function to you. Please see the list of mobile function and SDK we may use through ABB Community application.

Log information

When you use the services of ABB Community, our servers and App automatically record some of your log information, which includes the following four aspects:

API Access Log: Contains information that you provide, form, or retain when accessing an API.
Business Operations Log: We will keep your access request log, access audit log, access invitation log, repair log, complaint log and open log, which you can check on App at any time.
Crash Log: In order to give you a better experience of App, we will keep crash information within App for 5 days. Crash information contains App version number and corresponding stack information. Whether or not the crash log should be reported is up to you. If you want to submit a crash log, it will improve the robustness of App. You can go to "Mine" - "Settings" - "Report Information" for log reporting.
Call log: We will keep your call record with the door entry equipment in App locally, which includes the call time, door entry equipment name and community name. Call logs are kept locally in App and will not be reported to ABB. Call logs are kept for only 30 days.

Where we store your personal data

Your data will be stored within China if you are resident of PRC or in Singapore in case of non-PRC residents . To the extent permitted by applicable law, if we need to transfer your personal data outside China for the purposes described in this Notice, we will ask you for specific and separate permission to transfer your personal data outside China, and we will only process your personal information in this way if you agree for us doing so. In case of non-PRC residents, the transfer of personal data for the purposes described in this Notice is based on the necessity for the performance of a contract between you and ABB or, in specific cases, on your permission to transfer your data outside of country of your residence for ABB to be able to perform our services described within this notice to you.

How long we keep your personal data

We will only retain your personal data obtained via the application as long as our legitimate interest or your consent remains valid. In general, although there may be limited exceptions due to local legal requirements (such as tax or commercial law), your door open records will be retained for up to 30 days and this retention period starts from the creation of the door open record. Except for the door open records, your other personal data will be processed for up to 36 months and this retention period starts with every use of our Door Entry Control Function by you. After the retention period, your personal information will be deleted. If necessary to meet legal or regulatory requirements and/or resolve disputes, we may keep some of your personal data after this time.

Data Security

We have established and maintain a formal information and cybersecurity program which includes commercially reasonable technical and organizational measures, in order to establish an appropriate level of security and to protect your personal data against security breaches, accidental or unlawful destruction, loss, alteration, and unauthorized disclosure of, or access to your personal data.

Our security mechanisms include but are not limited to, the following:

Data Retention: We retain your personal information on a data minimization basis, using operations such as anonymization during storage. For sensitive information such as passwords, strict hashing and encryption algorithms are used for storage.
Data access: Our API interfaces have strict interface access rights and data access rights control so that for individual users, you can only view data relevant to you. In addition, our services have mechanisms to identify and respond to scripting attacks. At the database level, we have established a strict data access mechanism so that only designated system maintenance personnel have access to our database.
Network communication: HTTPS two-way authentication is used for data communication to ensure the safety of user data in transmission.
Data backup: We have a comprehensive data backup mechanism to protect the integrity of data and prevent data loss and damage.

We will do our best to protect your personal information. We also ask you to understand that no security measure can be foolproof.

Your data privacy rights

Depending on the jurisdiction in which you are located and in which your personal data is processed, you may have the following rights:

The right of data access: You have a right to obtain a copy of the personal data we hold about you, subject to certain exceptions. You can view and edit your personal data by doing the following: Click on the "Mine" page at ABB Community application to view and edit your personal data.
The right of data rectification: You always have a right to ask for immediate correction of inaccurate or incomplete personal data. As noted above, you can click on the "Mine" page at ABB Community application to edit your personal data. For information that cannot be edited at App, you can also contact us at support.cndex@cn.abb.com or privacy@abb.com for data rectification.
The right of data erasure: You have the right to request that personal data be erased when it is no longer needed, where applicable law obliges us to delete the data or the processing of it is unlawful. You may also contact us at support.cndex@cn.abb.com or privacy@abb.com to erase personal data where you have withdrawn your consent or objected to the data processing. However, this is not a general right to data erasure – there are exceptions.
The right of delete the account: You have the right to delete your account and when you choose to delete your account, you delete all personal data relating to you on App. You can cancel your account by clicking on "Mine" - "Settings" - "Cancel Account".
The right to restrict data processing: You have the right to restrict the processing of your personal data in specific circumstances. Where that is the case, we may still store your information, but not use it further.
The right to data portability: You have the right to receive your personal data in a structured, machine-readable format for your own purposes, or to request us to share it with a third party.
The right to withdraw consent: Where ABB has asked for your consent to process personal data, you may withdraw your consent at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
Do not sell my personal information - Opt-out of the sale of your personal information, definition: you have a right to request ABB not to sell or share your personal data with our business partners. Note: applicable only to ABB customers, who are California residents (Country - United States of America; Region - United States of America [California])

Please note that the rights described above are not absolute, and that your request cannot always be met entirely. For example, sometimes we cannot delete or restrict the processing of your personal data as we may have legal obligations or contractual obligations to keep certain such personal data.

You may request to enforce your data privacy rights by contacting at support.cndex@cn.abb.com or privacy@abb.com. Contact and further information

If you have any questions about how we use your personal data or wish to make a complaint about how we handle it, you may contact us at support.cndex@cn.abb.com. We will reply your enquiries or complaint within 15 working days upon receipt.

Alternatively, if you want to access your personal data, make use of any of your other rights mentioned above or if you have any questions or concerns about how ABB processes your personal data, please contact our Group Data Protection Officer at privacy@abb.com, or submit your complaint at www.abb.com/privacy.

Should you not be satisfied with our response or believe we are processing your personal data against the law, you may also have the right to file a complaint with the Data Privacy Authority in your country of residence or work, or seek a remedy through the courts where you believe an infringement of data privacy laws may have taken place.