Privacy Statement for CLIQ Connect                                  2021-02-15

Background

This Privacy Statement forms a part of the CLIQ Connect End-User Licensing Agreement between you and ASSA ABLOY AB. It describes the processing of your personal data that ASSA ABLOY undertakes on behalf of the data controller.

If you use a CLIQ Connect App in order to have access to areas where the security is managed by an organization or other form of entity to which you are in some way affiliated with, such as your employer that organization is the data controller and can:

If you lose access the CLIQ Connect product (in event of change of employment, for example), you may wish for your personal data to be removed. In such circumstances you will need to approach the data controller.

If your employer, consultant, or organization provides you with access to the CLIQ Connect product or you are required to download the CLIQ Connect App, your use of the CLIQ Connect product and App is subject to an End-User Licence Agreement with ASSA ABLOY and your organization's policies, if any. You should direct your privacy inquiries, including any requests to exercise your data protection rights, to your organization’s administrator. ASSA ABLOY is not responsible for the privacy practices of our customers, which may differ from those set forth in this Privacy Statement.

When you use a CLIQ Connect product provided by your organization or download the CLIQ Connect App, ASSA ABLOY’s processing of your personal data in connection with that CLIQ Connect product or App is governed by a contract between ASSA ABLOY as a processor and your organization as the data controller. ASSA ABLOY processes your personal data to provide the CLIQ Connect product and services to your organization and you, and for ASSA ABLOY’s business operations related to providing the CLIQ Connect product and App. We have provided a description below of ASSA ABLOY’s legitimate business operations in connection with providing the CLIQ Connect products and App to your organization.

ASSA ABLOY have put in place measures to ensure that the CLIQ Connect product is compatible with GDPR legislation but does not act as data controller unless explicitly stated as part of a commercial agreement, or as otherwise stated in information ASSA ABLOY provides to you.

It is the organization administrator’s responsibility to identify the data controller and to ensure that the data collected and the use of the CLIQ product is compliant with GDPR legislation

We respect your right to privacy and are committed to following applicable data protection rules to safeguard your rights. We want to make sure that you understand the type of information collected about you on behalf of the data controller, how it is used and how we protect it.

This Privacy Statement describes:

The information we collect

We may collect the following information, some of which may be considered personal data according to applicable laws and regulations, on its own or together with other information about you:

How we obtain the information

We obtain information from your usage of the CLIQ Connect App. If required, we may obtain information from the data controller (log files), in order to provide support or resolve issues with the delivery of the CLIQ Connect App.

The CLIQ Connect App uses Bluetooth Low Energy (BLE) in order to scan for and connect to Bluetooth-enabled CLIQ devices. Android specifies that the detection of BLE devices requires implicitly or explicitly granted app location permissions depending on whether the functionality is running in the background or not. As the app is scanning and connecting to keys through a service component, meaning the app can interact with Bluetooth-enabled CLIQ devices even if the app is placed in the background, the location permission is needed at all times, and can be considered as always in use as long as the app and it’s service is running.

The reason to request and use the location permission is in order for the CLIQ Connect App to use Bluetooth Low Energy, there are no other features or further usage based on the location permission.

The app does not include or support any advertisements, and no advertisement information is extended to third parties.

Purpose for processing your information

To carry out statistical analysis about the use of the CLIQ Connect Product to better understand how our CLIQ Connect App is used and make improvements. The information we use is anonymized and aggregated.

However, we may undertake statistical analysis on behalf of the data controller if requested by the data controller to do so. In such cases the information data will be processed in accordance with the data controller’s privacy notice.

Where requested to do so by you or the data controller we may access Log files in order to capture and resolve any bugs and/or issues with the CLIQ Connect App.

It is not necessary to process information about you in order to provide you with the account and any information is held encrypted in the cloud. We will only process your personal data if you provide it to us in order to enable us to contact you to enable us to respond to your requests or enquiries.

To provide you with software updates and support.

For security purposes to protect the integrity of the CLIQ Connect App and any data stored by ASSA ABLOY on behalf of the data controller.

Information collected may be stored in the cloud by a trusted third party. Where this is the case the information may be transferred outside of the EEA. The information is encrypted and is not accessible in a non-encrypted format by the cloud provider.

Who we may disclose information to

We may disclose information for the purposes set out above to:

We may use Google Analytics and/or MixPanel.com when obtaining the data for the purposes set out above. Information about how Google collects and processes data can be found at the site “How Google uses data when you use our partners’ sites or apps”, (located at http://www.google.com/policies/privacy/partners/).

Information on how MixPanel.com processes personal data can be found in the MixPanel.com Privacy Statement (located at https://mixpanel.com/legal/privacy-policy/).

We take measures to protect all information transferred to a third party, or to other countries, in accordance with applicable data protection laws and regulations.

Transfer

We may share your information with other companies in our group or with our trusted subcontractors in order to provide the Services and for the purposes set out in this Privacy Statement. Processing of information may therefore take place in countries other than your home country. Information collected in the European Economic Area (the “EEA”), may be stored, processed or transferred outside of the EEA, as described in this Privacy Statement. In some cases these countries have a lower level of protection than that within the EU/EEA. When transferring information to countries outside the EU/EEA we use standard contractual clauses approved by the European Commission to ensure a sufficient level of protection. These standard contractual clauses can be found via the following link: http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm. 

Period of retention and use

We retain information on instructions of the data controller until the relationship with the data controller is terminated or if the data controller instructs us to delete the information. If instructed by the data controller, we will delete the information without undue delay.

Tracking of usage statistics

Information on how MixPanel.com processes personal data can be found in the MixPanel.com Privacy Statement (located at https://mixpanel.com/legal/privacy-policy/).

Precautions

Unfortunately, transmission via the Internet is not completely secure and we cannot guarantee the security of information transmitted to us. Any transmission of information will be at your own risk. Once we have received the information, we will take appropriate precautions to protect it from loss, misuse, unauthorized access, disclosure, alteration, and destruction. Despite the protective measures we put in place, you understand that no data security measure can guarantee complete security at all times.

Children

The CLIQ Connect App or services are not directed to children under the age of 18, and we do not knowingly collect personal information from children under 18. It is the responsibility of the data controller to inform us if personal information from children under 18 is collected and processed.

Your rights

You should refer to the data controller’s privacy notice to find out what your rights are.

If you want to make a request in relation to the processing of your personal data, you should make the request of your data controller.

Contacts

If you have any complaints about the way in which the personal data is being processed you should contact the data controller, but you also have the right to lodge a complaint with Integritetsskyddsmyndigheten: www.imy.se, Supervisory Authority of Sweden.

ASSA ABLOY AB, 556059-3575 of P.O Box 70340, SE- 107 23 Stockholm, Sweden as the principal data processor in respect of the CLIQ Connect App and is responsible for the processing of your personal data in accordance with the instructions of the data controller and as presented in this Privacy Statement.