Privacy Notice – Suppliers

General

This document describes the processing of personal data in Abloy Oy’s purchasing and supplier management. This privacy notice provides the data subject and the supervisory authority with the information required by the European Union’s General Data Protection Regulation (GDPR) (679/2016).

Controller and contact details

Name: Abloy Oy
Postal address: Wahlforssinkatu 20, 80100 Joensuu, Finland.
Telephone (exchange): +358 20 599 2501
Business ID: 0774324-5
Email address: privacy@abloy.com

This email address is to be used only for addressing matters related to data protection. For all other matters, the correct contact information can be found from https://www.abloy.com/global/en

Whose data is processed?

Persons related to the execution of a contract between Abloy Oy and the supplier and the supplier's subcontractor, the supplier’s employees, representatives, or traders are data subjects.

What is the purpose and legal basis for processing personal data?

The processing of personal data is based on the on the legitimate interest of the controller and compliance with legal obligations. The data controller is responsible for ensuring the legality of data processing based on the rights of the data subject and meeting reasonable expectations.

Personal data groups of the data subject

Purpose of processing a data group

Basis of data processing

Supplier’s representatives or persons at the supplier’s service

 

Communication according to contract

Promoting co-operation

Communication

Contract management

Deliveries

Orders and logistics

Complaints

Invoices

Verification and payment of invoices

Introductions and access rights management for ensuring corporate security and workplace safety.

Data controller's legitimate interest to ensure communication related to the order and delivery process and legal obligation

 

 

 

Basic information of traders

 

 

Contract management

Deliveries

Order processing

Logistics

Complaints

Invoices

Verification and payment of invoices

Introductions and access rights management for ensuring corporate security and workplace safety.

 

Data controller's legitimate interest to ensure communication related to the order and delivery process and legal obligation

 

 

The data controller does not use automatic decision making or profiling

What personal data is processed?

Personal data group

Data content

Supplier’s representatives or persons at the supplier’s service

Name, surname, e-mail address, phone number, position.

Basic information of traders

Name, surname, e-mail address, phone number, data subject’s bank account, bank details, address details

How is personal data collected?

The data stored on the data subject is data provided by the data subject him- or herself or by the supplier’s representative.

Who will the data be transferred to?

Recipient

Purpose of the disclosure

Financial management services provider

Purchase invoice processing and verification

Security services provider

Access rights management

Accounting services provider

Order and invoicing processing

Logistics and supply chain services providerOrder, delivery and invoicing processing

ASSA ABLOY group

 

Collaboration between the provider and group, procurement in an electronic auction and electronic order and delivery process

Auditors

Legally required account audits.

Audit service provider

Auditing of the operations and quality.

Authorities

Compliance with legal requirements

Service providers

Maintenance and support of IT systems

Is personal data processed outside the European Union?

Abloy Oy does not transfer personal data outside the EU or the EEA.

What are the storage periods for personal data?

The data collected in the register will be kept for as long as necessary, and to the extent necessary, for fulfilment of the original or compatible purposes for which the personal data was collected.

Personal data groups

Storage time

Supplier’s representatives or persons at the supplier’s service

According to the duration of the supplier’s contract or during the active co-operation and one year after the end of co-operation, after which the data is deleted

Personal data on invoices

According to accounting legislation, six years after the end of the accounting period

What are data subject’s rights?

Right of Access

The data subject is entitled to obtain confirmation from the controller as to whether the personal data of the data subject is being or has been processed. 

If the data controller processes the personal data of the data subject, the latter is entitled to the information of this document, as well as to a copy of the personal data that is being or has been processed.

If a data subject makes a request electronically and has not requested any other form of delivery, the data will be provided in a generally available electronic format that is compatible with secure delivery of the data.

Right to Correct or Delete Data

The data subject has the right to ask the controller to correct or delete his or her own personal data.

Under certain circumstances, data subjects have the right to request processing of their personal data to be restricted, or to otherwise object to the processing of data. In addition, data subjects may request the transfer of data submitted by the data subjects themselves in a machine-readable form based on the General Data Protection Regulation

How can data subjects exercise their rights?

In all matters involving the processing of personal data, data subjects have the right to contact the controller.

All requests mentioned in the present document must be submitted to the above mentioned contact point of the controller.

Data subjects also have the right to file a complaint with the supervisory authority if their personal data is or has been processed unlawfully.

How is personal information protected?

Abloy Oy processes personal data safely and in compliance with the applicable legislation. Protection of personal data by Abloy Oy is adequate both technically and organisationally.

The data is stored in locked premises that are accessible only to authorised persons. Personal data stored in the systems is accessible only to pre-designated persons who need the information for work-related tasks. IT environments are protected by adequate firewalls and other forms of technical protection

With regard to the processing of personal data, Abloy Oy’s employees and other persons must abide by their obligation of secrecy and must handle personal data confidentially.

This privacy notice has been made:  21 May 2018.

This privacy notice has been updated: 14 January 2020, 9 August 2022