Products and Services – Privacy Notice

This Product and Services Privacy Notice outlines how Access Technology A/S also known as IntelligentCARE (referred to as “We”) will process and protect the personal data of End Users (referred to as “You”) who use EasyAccess and IntelligentCARE as well as Access Tech Fjernbetjening and IntelligentCARE Pro Applications (collectively referred to as the “Services”).

As the Data Controller for the data processing activities described in this notice, We are responsible for processing your personal data in compliance with data protection legislation. Our company, Access Technology A/S, is registered in Denmark under company number (CVR) 32831192 with address at Marøgelhøj 22C, 8520 Lystrup.

We are committed to respecting your privacy and will only process your personal data to the extent necessary to provide the Services and specific purposes listed in this notice. We also take measures to anonymize or statistically aggregate the information We collect whenever possible. Please read this notice carefully to understand how We will use and protect your personal data as listed in the tables below.

Please note, personal data can be additionally processed in the Services under the control of your Service Administrator. Your Service Administrator, typically your employer or a contracting party to your employer, holds administrative control and determines the purposes and means of processing your data. We operate as a service provider and/or Data Processor on behalf of your administrator, except where We determine the processing purposes and means as listed in the tables below. Please also refer to your administrator’s Privacy Notice to understand their practices.

Personal data We collect, Uses of your data, Lawful basis and Retention period

Processing Purposes

Personal Data Categories

Lawful Basis

Retention period

To administer the Services, ensure reliability, and that content is presented in the most effective manner for you and your device

Username
Access token
Browser and version
Device type and model (App only)
Operating system and version (App only)

Legitimate Interest

6 months

To identify aspects of the Services which could be improved, ensure quality, and provide you with the latest updates and improvements

Device firmware and error log
Version information

Legitimate Interest

6 months

To secure and protect against malicious attempts, identify, and prevent fraud or other unlawful activity

IP address

Legitimate Interest

6 months

Under California Consumer Privacy Act, We have collected the following categories of personal information from end users within the last twelve (12) months. The Service Administrator could be processing additional categories for which We are not the responsible organization.

Category

Examples

Collected

A. Identifiers.

A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name

YES

F. Internet or other similar network activity

Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.

YES

For clarity, We do not collect data you submit to the Services, or receive from it, as part of our monitoring activities. Only the act of submitting or receiving is recorded. For example, We may record that you entered information into a particular form field, but not the information itself or We may record that you ran a particular report, but not the resulting details of the report.

We take your privacy seriously and do not monetize your personal information. Certain states such as California and Nevada define the “sale” of data broadly, including the sharing of data with third parties. Under CCPA using cookie related technologies to collect usage analytics from our end users may be defined as a “sale”. This section describes the “sharing, disclosing, selling” of personal information.

We do not sell your personal data to third parties. However, We may disclose your personal information to a third party for a business purpose. When We disclose personal information for a business purpose, We enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

• We may transfer your personal data for the purposes set out above, to a relevant ASSA ABLOY group entity. ASSA ABLOY group entities may also receive or gain access to personal data when rendering ASSA ABLOY Group internal services.
• To third party business partners who provide services connected to the purposes defined above.
• Analytics providers who supply us with services for collecting and analyzing feedback and usage information.
• Our customers, channel partners or their agents with whom you have engaged in a business relationship or contract.

We will disclose your personal information to third parties:

• In the event that We sell or buy any business or assets, in which case We may disclose your personal data to the prospective seller or buyer of such business or assets.
• If We are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
• If We are under a duty to disclose or share your personal data in order to comply with law or any other legal obligation, or in order to enforce or apply our terms of use or terms and conditions of supply and other agreements; or to protect the rights, property, or safety of us, our customers, or others.

In the preceding twelve (12) months, We have disclosed the following categories of personal information for a business purpose:

• Category A: Identifiers
  Category F: Internet or other similar network activity

We also transfer personal data outside of the EU/European Economic Area (“EEA”). We use the EU/EEA standard contractual clauses approved by the European Commission to ensure a sufficient level of protection of your personal data if personal data from a country in the EU or EEA is transferred to a country outside the EEA, and for which the EU commission has not issued an adequacy decision. These standard contractual clauses, as well as further information on international data transfers can be found here.

We maintain reasonable security measures (including physical, electronic, and administrative) to protect personal data from loss, destruction, misuse, and unauthorized access or disclosure. For example, We limit access to personal data to authorized employees and contractors who need to know the information in the course of their work tasks.

We take your safety and security very seriously and We are committed to protecting your personal information. All information you provide to us is stored on secure servers. Where We have given you (or where you have chosen) a password that enables you to access certain parts of our service, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Please be aware that, although We endeavor to provide reasonable security measures for personal data, the transmission of information via the internet is not completely secure. No security system can prevent all potential security breaches.

Data protection legislation gives you the right to access, rectify or erase information held about you. Your right of access can be exercised in accordance with the data protection legislation. You can exercise these rights at any time by emailing us at privacy@acct.dk.

Where processing of your personal data is based on consent, you can withdraw consent at any time. You are entitled to the following:

• to ask for an access to your personal data that has been processed by us
• to ask us not to process your personal data where it is processed on the basis of legitimate interests provided that there are no compelling reasons for that processing;
• to ask us not to process your personal data for scientific or historical research purposes, where relevant, unless the processing is necessary in the public interest;
• to ask for the information We hold about you to be rectified if it is inaccurate or incomplete;
• to ask for data to be erased provided that the personal data is no longer necessary for the purposes for which it was collected, you withdraw consent (if the legal basis for processing is consent), you exercise your right to object, set out below, and there are no overriding legitimate ground for processing, the data is unlawfully processed or the data needs to be erased to comply with a legal obligation;
• to ask for the processing of that information to be restricted if the accuracy of that data is contested, the processing is unlawful, the personal data is no longer necessary for the purposes for which it was collected, or you exercise your right to object (pending verification of whether there are legitimate grounds for processing); and
• to ask for data portability if the processing is carried out by automated means and the legal basis for processing is consent or contract.

If you have a complaint regarding our processing of your personal data, you are entitled to report this to the relevant Data Protection Authority.

If you are based in the EU/EEA Area, We designate the Swedish Data Protection Authority Data Protection Authority as the supervisory authority for the processing of your data. If you have a complaint regarding our processing of your personal data you are entitled to report this to the Swedish Data Protection Authority (IMY) at Box 8114, 104 20, Stockholm, Sweden. Details of the Swedish Data Protection Authority can be found here.

If you are based outside of EU/EEA area, you may report your complaint to the Data Protection Authority in your country.

This Notice may, from time to time, contain links to and from external websites, please note that these websites have their own privacy policies and that We do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Any changes We make to our privacy policy in the future will be posted on the relevant section of our Service. Please check back frequently to see any updates or changes to our privacy policy.

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to Access Technology A/S, Marøgelhøj 22C, 8520 Lystrup, Denmark or please email privacy@acct.dk.

Last updated February 2024