Personal Data Subject to GDPR, UK GDPR and DPA 2018
1. Introduction and Legal Framework for Processing of Personal Data
- This Privacy Policy details how AIPHONE (hereinafter “Aiphone”, “we”, “us” or
“our”)
controls and
processes
Personal Data in connection with our products and services. It only applies to
Processing of Personal Data
subject to EU General Data Protection Regulation No. 2016/679 (the “GDPR”), or
the UK
GDPR and the Data
Protection Act 2018 (the “DPA 2018”).
- We will always process the Data Subject's Personal Data based on one of the
legal
bases provided for in
the
GDPR, or the UK GDPR and the DPA 2018, as applicable. In addition, when
processing
special categories of
Personal Data which require special care, we will do so in accordance with the
special rules provided for in
the
GDPR, or the UK GDPR and the DPA 2018.
2. General Information
2.1 Definitions
The following terms as used in this Privacy Policy shall have the meanings set forth
below:
- “EEA” means the European Economic Area.
- “UK” means the United Kingdom
- “GDPR” means EU General Data Protection Regulation No. 2016/679.
- “UK GDPR” means United Kingdom General Data Protection Regulation
- “DPA 2018” means the Data Protection Act 2018.
- “Personal Data” means the personal data subject to the GDPR, or the UK GDPR and
the
DPA 2018. Please note
that this Privacy Policy does not apply to all the Personal Data which we
collect
and process.
- “Data Subject” means persons protected under the GDPR, or the UK GDPR and the
DPA
2018..
- “Processing of Personal Data” means processing of Personal Data of the Data
Subject
in any of the
following cases:
- if carried out in connection to activities of our establishment in the
EEA
and/or the UK,
- if related to the offering of goods or services to the Data Subject
residing
in the EEA and/or
the UK, or
- if related to the monitoring of the behavior of the Data Subject
residing in
the EEA and/or
the UK as far as their behavior takes place within the EEA and/or the
UK.
- “Software” means the software we are using in order to operate our intercom
systems.
2.2 Collection and Processing of Personal Data
2.2.1 Legal Bases for Processing Operations
1. We may collect and process the Data Subject's Personal Data in the following cases
:
- if we have a legitimate interest in such processing, unless except where such
interests are overridden
by
the
interests or fundamental rights and freedoms of the data subject which require
protection of personal data,
in
particular where the data subject is a child, in accordance with the GDPR, or
the UK
GDPR and the DPA 2018,
as
applicable;
- if required in order to perform an agreement with the Data Subject or carry out
procedures before
execution
initiated by the Data Subject in accordance with the GDPR, or the UK GDPR and
the
DPA 2018, as applicable;
or
- if we have obtained the Data Subject's express prior consent in accordance with
the
GDPR, or the UK
GDPR
and the DPA 2018, as applicable.
2.2.2 Children’s Personal Data
Where we collect and process Personal Data from a child who is under 16 years of age
or
who has not reached the
age limits under the laws of a Member State, we will process that data
appropriately.
2.2.3 Withdrawal of Consent
- Where our Processing of Personal Data is based on consent, the Data Subject is
entitled to withdraw his
or
her
consent to the collection and Processing of the Personal Data at any time
without
having to provide reasons.
- We will not collect and Process Personal Data that is based on consent after
such
withdrawal, but this
withdrawal will not affect the lawfulness of processing based on the consent
before
withdrawal thereof.
2.2.4 Change of Purpose of Use
- We will process the Data Subject's Personal Data for the above specified,
explicit
and legitimate
purposes,
and will not further process the Personal Data in a way that is incompatible
with
those purposes.
- If we intend to process Personal Data originally collected for one purpose in
order
to attain other
objectives
or purposes, we will ensure that the Data Subject is informed of this.
2.2.5 Storage of Personal Data
We will retain Personal Data for the period necessary for us to fulfill the
respective
processing purpose, unless
a longer retention period is required by applicable laws.
2.2.6 Sharing of Personal Data
- We may share Personal Data with our group entities and with specific
third-parties
in accordance with the
GDPR, or the UK GDPR and the DPA 2018, as applicable.
- Where we share Personal Data with any entity outside the EEA and the UK, we will
put
appropriate legal
frameworks in place, notably controller-to-controller (2004/915/EC) and
controller-to-processor (2010/87/EU)
Standard Contract Clauses approved by the European Commission, in order to cover
such transfers.
2.2.7 Collaborative Partners
- Personal Data may be transferred to, stored, and further processed by
collaborative
partners that work
with
us
to provide our products and services or help us market to Data Subjects. Such
processing is based on our
prevailing legitimate interests.
- Data Subjects may object to the Processing of their Personal Data for direct
marketing purposes without
having
to specify any reasons. Upon receipt of the objection, we will immediately
discontinue such Processing
Personal
Data.
2.2.8 Corporate Reorganizations
In the event of a merger, corporate reorganization, civil rehabilitation,
acquisition,
joint venture, assignment,
transfer, sale or disposition of all or any portion of our business (including in
connection with any bankruptcy
or similar proceedings), etc., we may transfer any and all Personal Data to the
relevant
third party based on
our prevailing legitimate interests.
2.2.9 Legal Compliance andSecurity
- It may be necessary for us – by law, legal process, litigation, and/or
requests from public and
governmental authorities within or outside the Data Subject's country of
residence
– to disclose
Personal
Data. We may also disclose Personal Data if we determine that, for purposes of
national security, law
enforcement, or other issues of public importance, disclosure is necessary or
appropriate.
- We may also disclose Personal Data if we determine in good faith that disclosure
is
reasonably necessary
to
protect our rights and pursue available remedies, enforce our internal
regulations,
investigate fraud, or
protect our operations or users.
2.2.10 Data Transfers outside EU /EEA and the UK
Disclosures or sharing of Personal Data as described above may involve transferring
Personal Data out of the EEA
and the UK. For each of these transfers we make sure that we provide safeguards of
an
adequate level of
protection to the data transferred, including without limitation by entering into
Standard Contract Clauses as
defined by the European Commission decisions 2001/497/EC, 2002/16/EC, 2004/915/EC
and
2010/87/EU, as necessary,
or by transferring Personal Data based on the rules of the GDPR, the UK GDPR and the
DPA.
2.2.11 Security measures
We process Personal Data in a manner that ensures such data appropriate security
(including protection against
unauthorized or unlawful processing and against accidental loss, destruction damage,
etc.) using appropriate
technical or organizational measures to achieve this.
2.2.12 Data subject's rights
-
Data Subjects are entitled to the following rights with regard to our
processing
of your Personal Data:
- The right to require free of charge (i) information whether your
Personal
Data is retained and (ii) to
access
your Personal Data under our control. However, if the request affects
the
rights and freedoms of others
or
is
manifestly unfounded or excessive, we reserve the right to charge a
reasonable fee (taking into account
the
administrative costs of providing the information or communication or
taking
the action requested) or
refuse
to
act on the request;
- The right to request proper rectification, removal or restriction of
your
Personal Data;
- Where processing is based on prevailing legitimate interests in
accordance
with the GDPR or the UK GDPR
and
the
DPA 2018, as applicable, the right to object on grounds relating to your
particular situation at any
time.
If
you object we will no longer process your Personal Data unless there are
compelling and prevailing
legitimate
grounds for the processing or the data is necessary for the
establishment,
exercise or defence of legal
claims;
- Where processing of your Personal Data is either based on your consent
or
necessary for the performance
of a
contract with you and processing is carried out by automated means, the
right to receive the Personal
Data
concerning you in a structured, commonly used and machine-readable
format or
to have your Personal Data
transmitted directly to another company, where technically feasible
(data
portability);
- Where the processing of your Personal Data is based on your consent,
the
right to withdraw your consent
at
any
time without impact to data processing activities that have taken place
before such withdrawal or to any
other
existing legal justification of the processing activity in question; and
- The right not to be subject to any automatic individual decisions which
produces legal effects on you or
similarly significantly affects you
- If the Data Subject will exercise such rights, please contact us at the address
set
forth in 2.2.14
below.
- If the Data Subject is not satisfied with the way in which we have proceeded
with
any request, or if the
Data
Subject has any complaint regarding the way in which we process Personal Data,
the
Data Subject may lodge a
complaint with a Data Protection Supervisory Authority.
2.2.13 Updates to Privacy Policy
- We may change this Privacy Policy from time to time. Any changes to this Privacy
Policy will become
effective
upon posting of the revised Privacy Policy via the Website.
- If we make changes which we believe are significant, we will inform the Data
Subject
through the Website
to
the extent possible and seek for the Data Subject's consent where applicable.
2.2.14 Contact
- With respect to the Personal Data, you provided to us, we will appropriately
respond
to your request for
disclosure, correction, suspension of use, or deletion of your personal
information
or opinions, inquiries,
complaints or consultations, in accordance with laws and regulations regarding
the
protection of personal
information.
- For any questions or requests relating to this Privacy Policy, please contact us
by
email as follows:
contact: aiphone_gdpr@aiphone.co.jp
3. Processing of Personal Data on Our Website
This section highlights how we collect, process and use your Personal Data when you
are
using our Website.
3.1 Processed Personal Data
We collect and use your Personal Data when you are accessing and interacting with
our
Website. If you visit our
Website without providing Personal Data via registration or in any other way, only
the
internet connection data
that your browser transmits to our server will be processed. This information
contains
Personal Data only to a
limited extent. The processed data includes information on:
- Your IP address
- Your device (type, name, ID)
- Your browser (type/version)
- Your operating system (including language settings)
- Date and time of your request
- Content of your requests
- Your screen resolution
- Your Internet service provider
- Websites from which your system accesses our website (referrer URL)
- Web pages that are called up by your system via our website.
We process this information in order to enable you to use our website (e.g. by
adapting
our website to the needs
of your device) as well as to generate comprehensive demographic data to create
anonymous statistics on the use
of our website. This data is not merged with other data sources.
The legal basis for this data processing is Art. 6(1)(b) of the GDPR and the UK GDPR,
as
we need this data for
the provision of our Website, and Art. 6(1)(f) of the GDPR and the UK GDPR, as we
have a
legitimate interest in
ensuring the stability and security of our Website.
3.2 Processing of Personal Data For Additional Services
We offer additional services on our website (e.g. contact forms, newsletter and
brochure
requests). When you use
these services, we ask you for further Personal Data such as your name or e-mail
address. Mandatory information
is always marked as such. Without this Personal Data, we may not be able to provide
you
with the requested
service or answer any queries you may have. In the following, we will inform you
about
the respective data
processing operations and legal bases.
- Contacting Us – We will store your Personal Data if you choose to contact
us
– e.g. via email
or
contact form. This is usually your name and email address as well as the
information
you have provide us
with
your message. We process these information solely for the purposes of answering
your
request and the
associated
technical administration and do not forward the information to any third parties
without your consent. The
legal
basis for this data processing is Art. 6(1)(b) of the GDPR and the UK GDPR, if
carried out performance of
contract or as pre-contractual measures, as well as Art. 6(1)(f) of the GDPR and
the
UK GDPR, as the
processing
of these requests is in the interest of both parties.
- Newsletter – If you opt-in for our newsletter informing you about our
latest
products and services,
We
will process the Personal Data provided by you (such as name, address or email
address) for the sending the
newsletter to you.
- Brochure Requests – If you make a request for a brochure of our products
and/or services, we will
process the Personal Data provided by you (such as name, address and email
address)
for the purpose of
sending
the brochure to you.
3.3. Use of Cookies and third-party software
- Our Website uses cookies. Cookies are small text files that are saved on your
hard
disk which can be
allocated
to your browser and deliver particular information about your use of our
Website.
They are useful for making
internet devices more effective and more user-optimized such as remembering your
choices when you revisit
the
Website. The use of such cookies which are required to ensure the functionality
of
our Website and to
provide a
safe user experience are used based on our prevailing legitimate interest.
- Cookies used for other purposes, such as analyzing visitor’s preferences and
activities on the Website,
are
used. In regard to visitors from the EEA and the UK, Cookies are used in such
manner
only if Data Subjects
have
declared their consent to the Use of such Cookies.
- Certain cookies we use last only for the duration of your web session and expire
when you close your
browser
and are called session cookies. These cookies are stored as session IDs whereby
different requests sent by
your
browser are assigned to the common session until you close the browser or
otherwise
cancel the session.
Other
cookies are used to remember you when you return to the Site/Application and
will
remain for longer. These
are
generally called persistent cookies which will remain on your device after
concluding the session. However,
persistent cookies are automatically deleted after a specified period of time.
You
can adjust the retention
period or manually delete cookies from your device via your browser settings at
any
time. Please be advised
that
if you disable cookies you may not be able to use our Website’s services to
their
full extent.
3.3.1 Google Analytics
- Our Website uses Google Analytics. Google Analytics is a service from Google
LLC.
(1600 Amphitheatre
Parkway
Mountain View, CA 94043. USA; ‘Google’) employing cookies which are saved on
your
computer, allowing Google
to
analyze your use of the Site. The information generated by the cookie is
transferred
to a Google server
generally located in the USA and stored there. On our Website, IP anonymization
is
activated, so that the IP
address of Google users within member states of the European Union or other
contracting parties to the
Agreement
on the European Economic Area is effectively anonymized before being
transferred,
thus eliminating any
possibility of personally identifying the user in question.
- In exceptional cases only the full IP address is transferred to a Google server
in
the USA and
abbreviated
there. Google uses this information on our behalf in order to analyze the use of
the
Website, to compile
reports
on the Website activities, and to provide other services relating to use of the
Site
and Internet use for
the
Website operator. The IP address transferred from your browser through Google
Analytics is not merged with
other
data by Google for profiling purposes. Further information on Google’s use of
data
can be [https://support.google.com/analytics/answer/4597324?hl=en].
- You can prevent the collection and subsequent transfer of any data (including
the
anonymized IP address)
generated by the Google Analytics cookie relating to use of the Website by
Google as
well as the processing
of
this data altogether by Google by either downloading and installing the Browser
Plugin available here.
Alternatively, you can click here [https://tools.google.com/dlpage/gaoptout?hl=en].
3.3.2 Social-Media Plugins
We use social-media plugins from Facebook, Twitter and LinkedIn. The providers of
these
services can communicate
with you via the plugins and collect information about your visit to our website.
This
processing is based on
Art. 6(1)(f) of the GDPR and the UK GDPR. We have a legitimate interest in
increasing
your user experience and
optimizing our Services.
-
Facebook - Our Website uses social plugins operated by Facebook Inc, 1601 S.
California Ave, Palo Alto,
CA
94304, USA ("Facebook").
The social-media plugins are being used to create user profiles in order to
store
information about you.
This
information may include, for example, content viewed, websites visited,
online
networks used,
communication
partners and technical information (device information, metadata). This may
also
include location data
if
you
have given your consent in the collection of such data. The collection of
data
is being carried out
across
the
devices. Additionally, if you use the social network facebook.com, the
collected
data can be assigned to
your
Facebook user profile. We generally only receive access to aggregated
information about the interaction
with
our
ads and can use the aggregated data to provide our marketing campaigns to
the
relevant interest groups.
Please
note that you can find further information about Facebook's privacy policies
at
[https://www.facebook.com/about/privacy]. You may object to your data being
captured by Facebook and used
in
the
above-mentioned way. You can change your user-based advertising settings
here:
[https://de-de.facebook.com/ads/settings]. You can also prevent Facebook from
installing the respective
cookie
by
adjusting your browser settings.
- Twitter – We are using Twitter social-media plugins on our Website. These
social-media plugins are
operated by Twitter, Inc. 1355 Market St, Suite 900, San Francisco, CA 94103,
USA
(“Twitter”). By using
Twitter
and the Re-Tweet function, the website you visit will be linked to your Twitter
account and made public to
other
users. This includes the transfer of your personal data.
These processing operations are based on Art. 6(1)(f) of the GDPR and the UK
GDPR
as we have a legitimate
interest in an attractive presentation and simplification of the use of our
online offers. Please find
further
information on the data processing under [http://twitter.com/privacy].
You can change your privacy settings on Twitter in the account settings under
[http://twitter.com/account/settings.
- LinkedIn – We use social-media plugins on our Website operated by LinkedIn
Corporation, 2029
Stierlin
Court, Mountain View, CA 94043, USA (“LinkedIn”).
The social-media plugin notifies LinkedIn of which specific page of our
Website
is being visited. If you
click
the LinkedIn Recommend Button while you are logged in to your LinkedIn
account,
you can post the
contents of
our
website via your LinkedIn profile. This enables LinkedIn to associate your
visit
to our website with
your
LinkedIn account.
The data processing is based on Art. 6(1)(f) of the GDPR and the UK GDPR as
we
have a legitimate interest
in
an
attractive presentation and simplification of the use of our online offers.
For further details about LinkedIn's data processing and your rights and
preferences, please refer to
LinkedIn's
privacy policy under [http://www.linkedin.com/legal/privacy-policy].
4. Processing of Personal Data for the Provision of Our Products and/or
Services, Including Software
We are processing your Personal Data for the provision of our products and/or
services, including Software.
For users of our products and/or services, please
visit the following URL for our privacy policy.
https://www.aiphone.net/privacy/for_product/user/
For administrators and/or installers, please visit the following URL for our privacy
notice.
https://www.aiphone.net/privacy/for_product/installer/
Last updated on the 1st March, 2023