Hospitality products and services - Privacy notice

This Privacy Notice outlines how ASSA ABLOY Global Solutions AB (referred to as “We”) will process and protect the personal data of End Users (referred to as "You") who use Vostio Access Management, Vostio Location Services, ASSA ABLOY Hospitality Mobile Access Solutions (that includes Mobile Access and Livvi Applications and any other Service tool in relation to Vostio) or the Software Development Kit (collectively referred to as the "Services").

As the Data Controller for the data processing activities described in this notice, We are responsible for processing your personal data in compliance with data protection legislation. Our company, ASSA ABLOY Global Solutions AB, is registered in Sweden under number 556666-0618, with a registered address at Förmansvägen 11, 117 43, Stockholm.

We are committed to respecting your privacy and will only process your personal data to the extent necessary to provide the Services and for the specific purposes listed in this notice. We also take measures to anonymize or statistically aggregate the information We collect whenever possible. Please read this notice carefully to understand how We will use and protect your personal data.

Please note, personal data can be additionally processed in the Services under the control of your company service administrator. Your company service administrator, typically your employer or a contracting party to your employer, holds administrative control and determines the purposes and means of processing your data. In this context, We operate as a service provider and/or Data Processor on behalf of your Service Administrator. Please refer to your company Privacy Notice to understand their practices.

Personal data We collect, uses of your data, Lawful basis, and Retention period

Vostio Access Management, Vostio Location Services, ASSA ABLOY Hospitality Mobile Access Solutions

| Processing Purpose | Personal Data Categories | Lawful Basis | Retention |
|---|---|---|---|
| To administer the Services, ensure reliability, and that content is presented in the most effective manner for you and your device. | Username; Access token; Device type and model; Operating system and version; Browser and version | Legitimate interest | 90 days |
| To identify aspects of the Services which could be improved, ensure quality, and provide you with the latest updates and improvements | Device firmware system; Version information | Legitimate interest | 90 days |
| To secure and protect the Services against malicious attempts, identify, and prevent fraud or other unlawful activity | IP address | Legitimate interest | 365 days |
| To analyze and test our Services, collect surveys and statistics, crash reports | Analytics data, relying on cookie technologies regarding usage of our Services; Crash data, a short log of events in the run up to a crash (Mobile Applications only) | Consent | 26 months; 90 days |

Additional processing purposes for Hospitality Mobile Access application

The following processing purposes listed in the table below apply in addition to the above ones, only for Hospitality’s Mobile Access Application.

| Processing Purpose | Personal Data Categories | Lawful Basis | Retention |
|---|---|---|---|
| To create and maintain your Hospitality Mobile Access account | Email address | Consent | 2 years, from last usage of the application |
| Manage mobile access credentials | Email address; Key details e.g. room number, dates; Key validation | Consent | 2 days from key expiration |
| Invite to download mobile access credentials | Email address | Consent | 90 days |

Software Development Kit (SDK)

The following processing purposes listed in the table below are applicable for the Software Development Kit (none of the previous processing purposes apply to the SDK).

| Processing Purpose | Personal Data Categories | Lawful Basis | Retention |
|---|---|---|---|
| To secure and protect the service against malicious attempts, identify, and prevent fraud or other unlawful activity | IP address | Legitimate interest | 365 days |

Under the California Consumer Privacy Act, We have collected the following categories of personal information from end users within the last twelve (12) months. The Service Administrator could be processing additional categories for which We are not the responsible organization.

| Category | Examples | Collected |
|---|---|---|
| A. Identifiers. | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name | YES |
| F. Internet or other similar network activity | Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. | YES |

For clarity, We do not collect data you submit to the service, or receive from it, as part of our monitoring activities. Only the act of submitting or receiving is recorded. For example, We may record that you entered information into a particular form field, but not the information itself, or We may record that you ran a particular report, but not the resulting details of the report.

Sharing and Disclosure of personal Information

We do not monetize any personal information processed in the service or sell it to third parties. We may disclose your personal information to a third party for business purposes. When We disclose personal information for a business purpose, We enter into a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

We may transfer your personal data for the purposes set out above:

  • To a relevant ASSA ABLOY group entity that may offer internal services across the ASSA ABLOY Group.
  • To 3rd party companies providing services connected to the purposes defined above.
  • Analytics providers who supply us with services for collecting and analyzing feedback and usage information.
  • Customers with whom you have engaged in a business relationship or contract.

We will disclose your personal information to third parties:

  • If We are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
  • If We are under a duty to disclose or share your personal data in order to comply with law or any other legal obligation, or in order to enforce or apply our terms of use or terms and conditions of supply and other agreements; or to protect the rights, property, or safety of us, our customers, or others.

In the preceding twelve (12) months, We have NOT disclosed the following categories of personal information for a business purpose in accordance with CCPA.

We may transfer personal data outside of the EU/European Economic Area (“EEA”). We use the EU/EEA standard contractual clauses approved by the European Commission to ensure a sufficient level of protection of your personal data, should personal data from a country in the EU or EEA be transferred to a country outside the EEA for which the EU Commission has not issued an adequacy decision. These standard contractual clauses, as well as further information on international data transfers, can be found here.

Security

We maintain reasonable security measures (including physical, electronic, and administrative) to protect personal data from loss, destruction, misuse, and unauthorized access or disclosure. For example, We limit access to personal data to authorized employees and contractors who need to know the information in the course of their work tasks.

We take your safety and security very seriously and We are committed to protecting your personal information. All information you provide to us is stored on secure servers. Where We have given you (or where you have chosen) a password that enables you to access certain parts of our service, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Please be aware that, although We endeavor to provide reasonable security measures for personal data, the transmission of information via the internet is not completely secure. No security system can prevent all potential security breaches.

Your rights

Data protection legislation gives you the right to access, rectify or erase information held about you. Your right of access can be exercised in accordance with the data protection legislation. You can exercise these rights at any time by emailing us at privacy.globalsolutions@assaabloy.com.

Where processing of your personal data is based on consent, you can withdraw consent at any time. You are entitled to the following:

  • to ask for access to your personal data that has been processed by us;
  • to ask us not to process your personal data where it is processed on the basis of legitimate interests provided that there are no compelling reasons for that processing;
  • to ask for the information We hold about you to be rectified if it is inaccurate or incomplete;
  • to ask for data to be erased provided that the personal data is no longer necessary for the purposes for which it was collected, you withdraw consent (if the legal basis for processing is consent), you exercise your right to object, set out below, and there are no overriding legitimate grounds for processing, the data is unlawfully processed or the data needs to be erased to comply with a legal obligation;
  • to ask for the processing of that information to be restricted if the accuracy of that data is contested, the processing is unlawful, the personal data is no longer necessary for the purposes for which it was collected, or you exercise your right to object (pending verification of whether there are legitimate grounds for processing); and
  • to ask for data portability if the processing is carried out by automated means and the legal basis for processing is consent or contract.

The Regulator

If you have a complaint regarding our processing of your personal data, you are entitled to report this to the relevant Data Protection Authority.

If you are based in the EU/EEA Area, We designate the Swedish Data Protection Authority as the supervisory authority for the processing of your data. If you have a complaint regarding our processing of your personal data you are entitled to report this to the Swedish Data Protection Authority (IMY) at Box 8114, 104 20, Stockholm, Sweden. Details of the Swedish Data Protection Authority can be found here.

If you are based outside of the EU/EEA area, you may report your complaint to the Data Protection Authority in your country.

Changes to our privacy policy

Any changes We make to our privacy policy in the future will be posted on the relevant section of our Service. Please check back frequently to see any updates or changes to our privacy policy.

Contact

Questions, comments, and requests regarding this privacy policy are welcomed and should be addressed to “Hospitality Products and Services, ASSA ABLOY Global Solutions AB, Förmansvägen 11, 117 43, Stockholm, Sweden” or email privacy.globalsolutions@assaabloy.com.

Last updated October 2023