This Privacy Notice written in compliance with GDPR UE 2016/679 the explains how we collect and use personal information. Personal Information means any information relating to an identified or identifiable natural person; one who can be identified, directly or indirectly, by reference to an identifier such as name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. We collect personal information in a variety of ways through our normal business activities, both online and offline. This includes, for example, when you place orders or purchase products or services, enter into agreements or communicate with us, or visit and use our websites. We also receive personal information from our customers in order to perform services on their behalf.
2. Identity of Data Controller, GDPR art.28 :
To identify the AM SOLUTIONS S.R.L. entity responsible for the processing of your personal information, you can ask your AM SOLUTIONS S.R.L. business contact, or contact our Privacy Office (email@example.com ).
3. Categories of Personal Information, GDPR art.4 :
Personal information that we may collect and process includes:
- Contact Information that allows us to communicate with you, such as your name, job title, age and prefix, username, mailing address, telephone numbers, email address or other addresses that allow us to send you messages, company information and registration information you provide on our website.
- Relationship Information that helps us do business with you, such as the types of products and services that may interest you, contact and product preferences, languages, creditworthiness, marketing preferences and demographic data.
- Transactional information about how you interact with us, including purchases, inquiries, customer account information, order and contract information, delivery details, billing and financial data, details for taxes, transaction and correspondence history, and information about how you use and interact with our websites.
- Security and Compliance Information that helps us to secure our interests, including information for conflict checks, fraud prevention and internal verification, as well as information necessary for the security of our premises, such as visual recordings.
- Our products may collect system and event information relating to their setup, configuration and operation, as well as information collected by our products in their ordinary course of operation. This information may include sensor data, equipment data, data regarding building spaces, energy usage data, fault data, event data, environmental data, and other internal or external data as well as product usage information and product performance data. In some circumstances, this information may be Personal Data. In the case of video or security products, the information may also include video and audio signals and data. The nature and extent of the information collected by our products will vary based on the type and function of the product and the type of services for which they are used, subject to applicable laws.
4. Legal bases for Processing, GDPR art.6 :
- The performance of a contract with our customers and suppliers.
- The legitimate interests of Johnson Controls, which are our usual business activities.
5. Purposes of Processing, GDPR art.13 and 14 :
- Fulfilling your orders for products or services and related activities, such as product and service delivery, customer service, account and billing management, support and training, product update and safety related notices, and to provide other services related to your purchase.
- Managing our contractual obligations and your ongoing relationship with us, including interacting with you, analyzing and improving the products and services we offer, informing you about our products or services, as well as special offers and promotions.
- Ensuring the security of our websites, networks and systems, and premises, as well as protecting us against fraud.
- Managing our everyday business needs, such as payment processing and financial account management, product development, contract management, website administration, fulfillment, corporate governance, audit, reporting and legal compliance.
6. Recipients of Personal Information:
- Third Parties: We may use third parties to provide or perform services and functions on our behalf. We may make personal information available to these third parties, to perform these services and functions. Any processing of that personal information will be on our instructions and compatible with the original purposes.
- As Required by Law: We may also make personal information concerning individuals available to public or judicial authorities, law enforcement personnel and agencies as required by law, including to meet national security or law enforcement requirements, and including to agencies and courts in the countries where we operate. Where permitted by law, we may also disclose such information to third parties (including legal counsel) when necessary for the establishment, exercise or defense of legal claims or to otherwise enforce our rights, protect our property or the rights, property or safety of others, or as needed to support external audit, compliance and corporate governance functions.
- Mergers & Acquisitions: Personal information may be transferred to a party acquiring all or part of the equity or assets of AM SOLUTIONS S.R.L. or its business operations in the event of a sale, merger, liquidation, dissolution, or other.
- Affiliates: We may also transfer and share such information to AM SOLUTIONS S.R.L. affiliates in compliance with applicable law.
7. International Transfers, GDPR art. from 44 to 49
The third parties, subsidiaries and affiliates to which your personal information can be disclosed may be located throughout the world; therefore information may be sent to countries having different privacy protection standards than your country of residence. In such cases, we take measures to ensure that your personal information receives an adequate level of protection, which include our Binding Corporate Rules, which set forth our high standards for processing personal information collected and processed by us globally, and Standard Contractual Terms to protect your personal information.
8. Retention, GDPR art. 5-a :
We will retain your personal information as long as necessary to achieve the purpose for which it was collected, usually for the duration of any contractual relationship and for any period thereafter as legally required or permitted by applicable law.
9. Protection of Personal Information, GDPR art.25 :
Security measures for protecting personal information: We apply appropriate technical, physical and organizational measures that are reasonably designed to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, and against other unlawful forms of processing. Access to personal information is restricted to authorized recipients on a need-toknow basis. We maintain a comprehensive information security program that is proportionate to the risks associated with the processing. The program is continuously adapted to mitigate operational risks and to protect personal information, taking into account industry-accepted practices. We will also use enhanced security measures when processing any sensitive personal information.
How we protect personal information we process on behalf of our customers (as Data Processor): In some instances, we process personal information on behalf of our customers as a service (in a data processor capacity). We collect and process this personal information only as instructed by our customer and will not use or disclose it for our own purposes. We maintain information security controls to protect your information and will only disclose or transfer the personal information as instructed by the customer or to provide the requested service. Unless otherwise instructed by the customer, we treat the personal information we process on behalf of our customers in line with our commitments on disclosure and transfer as set forth in this notice.
10. Our website:
Using Tracking and Analytics Modes:
11. Your Rights, GDPR art.15 :
You may request to access, rectify, or update your inaccurate or out-of-date personal information by contacting our Privacy Office writing to: firstname.lastname@example.org . To the extent of applicable law, you may have the right to request erasure of your personal information, restriction of processing as it applies to you, object to processing and the right to data portability. You may also have the right to lodge a complaint with a supervisory authority.
12. Consent and Withdrawal of Consent, GDPR art.7 :
By providing personal information to us, you understand and agree to the collection, processing, international transfer and use of such information as set forth in this Privacy Notice. Where required by applicable law we will ask your explicit consent. You may always object to the use of your personal information for direct marketing purposes or withdraw any consent previously granted for a specific purpose, free of charge by clicking on relevant links on our websites, following the directions contained in an email or by contacting our Privacy Office through the e-mail address email@example.com .
13. Automated Decision-Making:
AM SOLUTIONS S.R.L. respects your rights under law regarding automated decision-making.
14. How to contact us:
If you would like to communicate with us regarding privacy issues or have questions, comments or complaints, please contact our Privacy Office writing to firstname.lastname@example.org.
15. Modifications to our Privacy Notice:
We reserve the right to change, modify, and update this Privacy Notice at any time. Please check periodically to ensure that you have reviewed the most current notice.
This Privacy statement is effective as of: 25 May 2018