Privacy Notice – Subject Access Request

ASSA ABLOY AB will process your personal data regarding your request relating to management of your personal data in the following way.

What personal data will ASSA ABLOY process and why?

We will store and use

(a) your contact information in order to be able to communicate with you regarding your request,
(b) the information you provide us with in relation to your request,
(c) information required to be able to verify your identity (such as copy of identification documentation, employee number or customer number) and
(d) the personal data needed to answer your request.

On what ground will ASSA ABLOY use your personal data?

Our collection and processing of your personal data is based on the requirement to fulfil the legal obligation to respond to a subject access request in accordance with Regulation (EU) 2016/679 (GDPR) and other applicable data protection laws and regulations.

Transfer of personal data

Transfer of your data may occur to the following categories of recipients, to the extent necessary to fulfil your request:

(i) authorities, such as the Swedish Authority of Privacy Protection (IMY) when exercising supervision, other companies in the ASSA ABLOY Group that need access to such information in order for us to reply to your request, and
(ii) if we engage an external service supplier or cooperation partner who execute services on our behalf. Service suppliers and cooperation partners may only process personal data according to our instructions.

We strive to ensure that processing of personal data is done within the EU/EEA. Personal data may be transferred outside the EU/EEA where needed to process your request, such occurs in accordance with applicable data protection legislation and for the purposes stated above.

We will in such cases verify the level of protection in the country to which data is transferred. Such level of protection may be sufficient based on a decision by the European Commission:
Data protection adequacy for non-EU countries

If no such decision is available, we take additional measures to ensure such protections are equivalent to the level of protection in the EU/EEA.
Such level of protection may be reached based on the European Commission’s Standard Contractual Clauses:
Standard Contractual Clauses (SCC) - European Commission

Some services, such as Microsoft email services, may in certain cases be subject to transfers outside the EU/EEA, for example to the United States, such as when technical support is requested.

If you have any questions regarding data transfers, please contact us.

For how long will ASSA ABLOY store your personal data?

We store the personal data which is processed in connection with your request for eighteen (18) months after our final response has been sent.

If we answer your request and it does not lead to further communication, we delete your emails within three (3) months.

Information and access rights

Right to access and rectification
You have the right to request access to the personal data relating to you. This includes the right to be informed whether or not personal data about you is being processed, what personal data is being processed, and the purpose and legal basis of the processing. You also have the right to rectify or add personal data if the personal data is inaccurate or incomplete. As soon as we become aware of any inaccurate personal data being processed, we will always correct such personal data as soon as possible and notify you accordingly.

Right to erasure
You may also request that your personal data be erased for example in the following situations:

if the personal data is no longer necessary for the purposes for which it was collected,
if we process your personal data based on our legitimate interest, where we do not have an overriding interest in relation to your privacy interest,
if the processing is unlawful, or
if the personal data has to be erased to enable us to comply with a legal requirement.

If you have any questions about your right to erasure, please contact the Data Protection Manager (DPM) (see below for contact details). Please note that we may reject your request if the processing is permitted or required according to law or any other relevant legal ground.

Right to object
You are also entitled to object to our use of your personal data where we base the processing on our legitimate interest. You can contact us via the contact details below.

Right to restriction
You can request us to restrict the processing of your personal data in the following situations:

if you withdraw your consent for use of data that we base on your consent,
if you believe the personal data may not be correct,
if you believe that the legal basis for the processing of personal data is incorrect, or
if we process your personal data based on our legitimate interest, where we do not have an overriding interest in relation to your privacy interest.

Right to Data Portability
If you request access to personal data about you that you yourself have provided and if the personal data is being processed automatically and/or in accordance with a contract between you and ASSA ABLOY, you may request that the data is provided in a structured, commonly-used and machine-readable format and you may also request that the personal data is transferred to another controller, if this is technically possible.

In certain circumstances, we may need to restrict the above rights to safeguard the public interests and/or our interests.

ASSA ABLOY AB, Reg. no 556059-3575 is responsible for the processing of your personal data, and requests to exercise your rights as stated above shall be addressed to gc.privacy@assaabloy.com or ASSA ABLOY AB, Attn: Data Protection Manager, Box 703 40, SE-107 23 Stockholm.

If you have a complaint regarding the processing of your personal data by ASSA ABLOY you are entitled to report such dissatisfaction to the supervisory authority for the personal data processing of ASSA ABLOY, Swedish Authority of Privacy Protection (imy.se).

Privacy Notice – Subject Access Request, version 1.2, March 17, 2025