ABB BuildingPlus Privacy Policy

Updated: 2024-03-10

At ABB, respecting your data privacy rights is a top priority. This policy explains why and how we collect personal data about you, how we process such data, and what rights you have regarding your personal data.

Who controls your personal data

ABB is responsible for your personal data. ABB refers to ABB Xiamen Smart Technology Co., Ltd. For the purposes of applicable data protection law, ABB Xiamen Smart Technology Co., Ltd. will be the controller of your data, as the entity providing the ABB BuildingPlus platform.

Other subsidiary companies of ABB as listed in the Section “Parties we share your personal data with (in and outside the EU and EEA or outside the country where the ABB company that controls your data is located)” may also receive and process your personal data, either in the capacity of controller or processor and this Notice applies equally to them.

The personal data we collect about you and how we get it

To facilitate the process, also including the account creation procedure the following categories of personal data are provided to ABB and stored on ABB Infrastructure with standard process:

• Nickname
• Personal Mobile Number
• Email address
• Profile photo
• Geolocation information
• IP address and Device identifier

What we use your personal data for

We use your personal data to:

• provide and administer ABB BuildingPlus Platform
• create and manage your APP account or portal account
• provide a better user experience when you use our applications and services
• comply with applicable legal requirements

We only collect the personal data from you that we need for the above purposes. We may also anonymize your personal data, so it no longer identifies you and use it for various purposes, including the improvement of our services and testing our IT systems.

The legal basis on which we use your personal data

We follow the principles of lawfulness, legitimacy, necessity, and good faith to process your personal data, and we use your personal data for the purposes described in this Notice based on one of the following legal bases, as applicable:

• We process your personal data on the basis of legal requirements, to fulfill our legal obligations resulting from the Personal Information Protection Law of the People's Republic of China and the regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and similar privacy and data protection laws (such as the UK General Data Protection Regulation, the California Consumer Privacy Act, the Swiss Data Protection Act, the Singapore Personal Data Protection Act, the Thai Personal Data Protection Act etc.) relevant for the company, to which the request has been submitted, as well as legal obligations associated with the provision of services or which we are required by law to collect and process (mainly based on PRC and GDPR applicable laws and regulations).
• We primarily collect and process your personal data to fulfil and perform our services provided to you. As part of our services, we need to process your personal data which are required by us to perform the services.
• Your consent: we may occasionally ask you for specific and separate permission to process some of your personal data (in particular, the sensitive personal data) if other legal bases are not applicable, and we will only process your personal information in this way if you agree for us doing so.

How we share your personal data

We only share your personal data with other ABB affiliates or third parties as necessary for the purposes described in this notice:

• ABB affiliates and subsidiaries (see the list of ABB subsidiaries), for the purposes described in this privacy notice. EU Model Clauses are in place to protect your personal data;
• ABB business partners, distributors, and agents located in EU and non-EU, for the purposes described in this privacy notice. EU Model Clauses are in place to protect your personal data;
• Potential or actual acquirers of ABB businesses or assets for the evaluation of the business or assets in question or for the purposes described in this privacy notice. EU Model Clauses and commercial contracts ensuring your data is only used to evaluate ABB’s business or assets or for the purposes described herein;
• Recipients as required by applicable law or legal process, to law enforcement or government authorities, etc. where required by applicable law or a legitimate request by government authorities, or a valid legal requirement. We will ensure, to the extent possible, that adequate protection is provided for your data when it is transferred out of the EU in these circumstances.

Where we share your personal data with an affiliate or third party so that it is transferred to or becomes accessible from outside the European Union (“EU”) and the European Economic Area ("EEA") or outside the country where the ABB company that controls your data is located, we always put adequate safeguards in place to protect your personal data. We have taken additional measures for the transfer of data from within to outside the EU, EEA and outside the country where the ABB company that controls your data is located to protect your personal data. If you would like an overview of the safeguards which are in place, please submit a request at www.abb.com/privacy.

Mobile function

In the process of using ABB smart engineering applications, APP may need to apply for the following mobile phone system function permissions:

（1）Camera and album functions:

The App shall take photos through the mobile camera to facilitate you to quickly scan the QR code of the device, bind the device, and set the avatar.

（2）File read/write function - Android only:

We shall call the file read/write permission of your device to enable you to use related functions, such as avatar upload.

（3）Acquire device identifier (Android ID)

It is used for user account login function.

Third-party SDK Instructions

In some specific use scenarios, we may use software service kits ("SDKs") or other similar applications provided by third-party service providers with corresponding business qualifications and capabilities to provide services for you, and the third-party service providers will collect your necessary information. We will carefully conduct a comprehensive assessment of the security capabilities of these partners and require them to comply with the cooperation legal agreement. We will strictly monitor the security of software tool development kits (SDKs) and application program interfaces (APIs) that partners obtain information to protect information security. The situations involving embedded third-party SDK are listed as follows:

（1）Baidu Maps

SDK Name: Baidu Maps

Purpose: to obtain the device location and display the nearest cell list to the user

Usage Scenario: when a user applies for a key, the nearest cell list is displayed

Data Type: Location Information

Affiliated institution: Beijing Baidu Netcom Science and Technology Co., Ltd.

Official Website: https://lbsyun.baidu.com/

（2）Tuya SDK

SDK Name: Tuya SDK List

Purpose: to achieve smart home device configuration (This function is not available at this moment)

Usage Scenario: realize the operation of smart home equipment distribution network

Data Type: location information, network information, mobile device information, intelligent device information, and intelligent device related information

Affiliated Institution: Hangzhou Tuya Information Technology Co., Ltd

Official Website: https://www.tuya.com

Account Management

Account registration: users can create accounts for them through a higher-level account. The account owner's mobile phone needs to be checked to ensure that the account is created as required by the account owner during the account creation process. For the first login, the user needs to change the password to ensure the security of the account.

Account cancellation: The user can contact the higher-level account to cancel his/her account while confirming that he/she no longer uses the services provided by the ABB smart community platform. Constructors can click the account cancellation button in the ABB smart engineering application to obtain the account cancellation method. You can also contact ABB directly to cancel your account.

How long we keep your personal data

We will only retain your personal data obtained via the application as long as our legitimate interest or your consent remains valid. In general, although there may be limited exceptions due to local legal requirements (such as tax or commercial law), we will keep your personal data collected in application and used for process for a period of up to 3 years after your last use of ABB BuildingPlus platform service. After this time, we will securely delete your personal data. If necessary to meet legal or regulatory requirements and/or resolve disputes, we may keep some of your personal data after this time.

Your data privacy rights

Depending on the jurisdiction in which you are located and in which your personal data is processed, you may have the following rights:

• The right of data access: You have a right to obtain a copy of the personal data we hold about you, subject to certain exceptions.
• The right of data rectification: You always have a right to ask for immediate correction of inaccurate or incomplete personal data.
• The right of data erasure: You have the right to request that personal data be erased when it is no longer needed, where applicable law obliges us to delete the data or the processing of it is unlawful. You may also ask us to erase personal data where you have withdrawn your consent or objected to the data processing. However, this is not a general right to data erasure – there are exceptions.
• The right to restrict data processing: You have the right to restrict the processing of your personal data in specific circumstances. Where that is the case, we may still store your information, but not use it further.
• The right to data portability: You have the right to receive your personal data in a structured, machine-readable format for your own purposes, or to request us to share it with a third party.
• The right to object to the data processing: You have the right to object to our processing of your personal data based on the legitimate interests, where your data privacy rights outweigh our reasoning for legitimate interests.
• The right to withdraw consent: Where ABB has asked for your consent to process personal data, you may withdraw your consent at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal
• Do not sell my personal information - Opt-out of the sale of your personal information, definition: you have a right to request ABB not to sell or share your personal data with our business partners. Note: applicable only to ABB customers, who are California residents (Country - United States of America; Region - United States of America [California])

Please note that the rights described above are not absolute, and that your request cannot always be met entirely. For example, sometimes we cannot delete or restrict the processing of your personal data as we may have legal obligations or contractual obligations to keep certain such personal data

You may request to enforce your data privacy rights by contacting at support.cndex@cn.abb.com or privacy@abb.com

Update of Policy

We are continually working to improve our products, services, and technology to bring you a better experience with our products and services. As new services and business processes change, we may update our privacy policy to inform you of specific changes. We will not limit your rights under this policy without your express consent. We will post any changes to this policy on a dedicated page.

We will also provide more prominent notice of significant changes (including notice through our BuildingPlus client posting or by providing you with a pop-up alert).

Significant changes within the meaning of this policy include but are not limited to.

• Significant changes in the business model of the product. Such as the purpose of handling personal information, the type of personal information held, and the way personal information is used.
• Changes in the subject of privacy policy caused by business restructuring, transaction mergers and acquisitions, and changes in the original processing purposes and processing methods by the new subject recipient
• Changes in the primary recipients of personal information sharing or public disclosure
• Significant changes in the rights of users to personal information and the manner in which they are exercised.
• Changes in the contact information and complaint channel of the person in charge of handling personal information protection.
• When the personal information protection impact assessment report indicates the existence of products that have a significant impact on the rights and interests of individuals.

Contact and further information

If you have any questions about how we use your personal data or wish to make a complaint about how we handle it, you may contact us at support.cndex@cn.abb.com. We will reply to your inquiries or complaint within 15 working days of receipt.

Alternatively, if you want to access your personal data, make use of any of your other rights mentioned above or if you have any questions or concerns about how ABB processes your personal data, please contact our Group Data Protection Officer at privacy@abb.com, or submit your complaint at www.abb.com/privacy.

Should you not be satisfied with our response or believe we are processing your personal data against the law, you may also have the right to file a complaint with the Data Privacy Authority in your country of residence or work, or seek a remedy through the courts where you believe an infringement of data privacy laws may have taken place.