This Privacy Notice written in compliance with GDPR UE 2016/679 the explains how we collect and use personal information. Personal Information means any information relating to an identified or identifiable natural person; one who can be identified, directly or indirectly, by reference to an identifier such as name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. We collect personal information in a variety of ways through our normal business activities, both online and offline. This includes, for example, when you place orders or purchase products or services, enter into agreements or communicate with us, or visit and use our websites. We also receive personal information from our customers in order to perform services on their behalf.
- Identity of Data Controller, GDPR art.28 :
To identify the Changee entity responsible for the processing of your personal information, you can ask your Changee business contact, or contact our Privacy Office (email@example.com).
- Categories of Personal Information, GDPR art.4 :
Personal information that we may collect and process includes:
– Contact Information that allows us to communicate with you, such as your name, job title, age and prefix, username, mailing address, telephone numbers, email address or other addresses that allow us to send you messages, company information and registration information you provide on our website.
– Relationship Information that helps us do business with you, such as the types of products and services that may interest you, contact and product preferences, languages, creditworthiness, marketing preferences and demographic data.
– Transactional information about how you interact with us, including purchases, inquiries, customer account information, order and contract information, delivery details, billing and financial data, details for taxes, transaction and correspondence history, and information about how you use and interact with our websites.
– Security and Compliance Information that helps us to secure our interests, including information for conflict checks, fraud prevention and internal verification, as well as information necessary for the security of our premises, such as visual recordings.
– Our products may collect system and event information relating to their setup, configuration and operation, as well as information collected by our products in their ordinary course of operation. This information may include sensor data, equipment data, data regarding building spaces, energy usage data, fault data, event data, environmental data, and other internal or external data as well as product usage information and product performance data. In some circumstances, this information may be Personal Data. In the case of video or security products, the information may also include video and audio signals and data. The nature and extent of the information collected by our products will vary based on the type and function of the product and the type of services for which they are used, subject to applicable laws.
- Legal bases for Processing, GDPR art.6 :
– The performance of a contract with our customers and suppliers.
– The legitimate interests of Johnson Controls, which are our usual business activities.
- Purposes of Processing, GDPR art.13 and 14 :
– Fulfilling your orders for products or services and related activities, such as product and service delivery, customer service, account and billing management, support and training, product update and safety related notices, and to provide other services related to your purchase.
– Managing our contractual obligations and your ongoing relationship with us, including interacting with you, analyzing and improving the products and services we offer, informing you about our products or services, as well as special offers and promotions.
– Ensuring the security of our websites, networks and systems, and premises, as well as protecting us against fraud.
– Managing our everyday business needs, such as payment processing and financial account management, product development, contract management, website administration, fulfillment, corporate governance, audit, reporting and legal compliance.
- Recipients of Personal Information:
– Third Parties: We may use third parties to provide or perform services and functions on our behalf. We may make personal information available to these third parties, to perform these services and functions. Any processing of that personal information will be on our instructions and compatible with the original purposes.
– As Required by Law: We may also make personal information concerning individuals available to public or judicial authorities, law enforcement personnel and agencies as required by law, including to meet national security or law enforcement requirements, and including to agencies and courts in the countries where we operate. Where permitted by law, we may also disclose such information to third parties (including legal counsel) when necessary for the establishment, exercise or defense of legal claims or to otherwise enforce our rights, protect our property or the rights, property or safety of others, or as needed to support external audit, compliance and corporate governance functions.
– Mergers & Acquisitions: Personal information may be transferred to a party acquiring all or part of the equity or assets of Changee or its business operations in the event of a sale, merger, liquidation, dissolution, or other.
– Affiliates: We may also transfer and share such information to Changee affiliates in compliance with applicable law.
- International Transfers, GDPR art. from 44 to 49
The third parties, subsidiaries and affiliates to which your personal information can be disclosed may be located throughout the world; therefore information may be sent to countries having different privacy protection standards than your country of residence. In such cases, we take measures to ensure that your personal information receives an adequate level of protection, which include our Binding Corporate Rules, which set forth our high standards for processing personal information collected and processed by us globally, and Standard Contractual Terms to protect your personal information.
- Retention, GDPR art. 5-a :
We will retain your personal information as long as necessary to achieve the purpose for which it was collected, usually for the duration of any contractual relationship and for any period thereafter as legally required or permitted by applicable law.
- Protection of Personal Information, GDPR art.25 :
Security measures for protecting personal information: We apply appropriate technical, physical and organizational measures that are reasonably designed to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, and against other unlawful forms of processing. Access to personal information is restricted to authorized recipients on a need-toknow basis. We maintain a comprehensive information security program that is proportionate to the risks associated with the processing. The program is continuously adapted to mitigate operational risks and to protect personal information, taking into account industry-accepted practices. We will also use enhanced security measures when processing any sensitive personal information. How we protect personal information we process on behalf of our customers (as Data Processor): In some instances, we process personal information on behalf of our customers as a service (in a data processor capacity). We collect and process this personal information only as instructed by our customer and will not use or disclose it for our own purposes. We maintain information security controls to protect your information and will only disclose or transfer the personal information as instructed by the customer or to provide the requested service. Unless otherwise instructed by the customer, we treat the personal information we process on behalf of our customers in line with our commitments on disclosure and transfer as set forth in this notice.
- Our website:
– Cookies, usage data and similar tools.
– Data Sharing and Browser Do Not Track Requests: Because we do not (and do not permit others) to track our website visitors, we do not process web browser Do Not Track signals.
To learn more about browser tracking signals and Do Not Track please visit http://www.allaboutdnt.org/.
– Linked sites: We may provide links to third parties’ websites (“linked sites”) from our websites.
– Children: Our websites are not directed at children and we do not use our websites to knowingly solicit personal information from or market to children. If we learn that a child has provided personal information through one of our websites, we will remove that information from our systems.
– Google Analytics: We may also use Google Analytics on our website to collect information about your online activity on our websites, such as the web pages you visit, the links you click, and the searches you conduct on our websites. We may use the information to compile reports and to help us improve the website. The cookies collect information in an anonymous form, including the number of visitors to the website, where visitors have come to the site from and the pages they visited. The information generated by those cookies and your current IP-address will be transmitted by your browser to and will be stored by Google on servers in the United States and other countries. Google will use this information on our behalf for the purpose of evaluating your use of our website as described above. The IP address collected through Google Analytics will not be associated with any other data held by Google. For more information about the information gathered using Google Analytics please visit http://www.google.com/intl/en/analytics/privacyoverview.html. You can prevent these cookies by selecting the appropriate settings on your browser. If you do this you may not be able to use the full functionality of our websites. You may download and install the Google Analytics Opt-out Browser Add-on available here: http://tools.google.com/dlpage/gaoptout.
– Google Remarketing Technology: Our websites may use Google’s remarketing technology.
– Facebook Conversion Tracking: Our websites may utilize the Conversion Tracking Pixel service of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA (“Facebook”).
This tool allows us to follow the actions of users after they are redirected to a provider’s website by clicking on a Facebook advertisement. We are thus able to record the efficacy of Facebook advertisements for statistical and market research purposes. The collected data remain anonymous. This means that we cannot see the personal data of any individual user. However, the collected data are saved and processed by Facebook. Facebook is able to connect the data with your Facebook account and use the data for their own advertising purposes, in accordance with Facebook’s Data Use Policy found under: https://www.facebook.com/about/privacy/. Facebook Conversion Tracking also allows Facebook and its partners to show you advertisements on and outside Facebook. In addition, a cookie will be saved onto your computer for these purposes. Only users over 16 years of age may give their permission. Please click here if you would like to revoke your permission: https://www.facebook.com/ads/website_custom_audiences/
- Your Rights, GDPR art.15 :
You may request to access, rectify, or update your inaccurate or out-of-date personal information by contacting our Privacy Office writing to: firstname.lastname@example.org . To the extent of applicable law, you may have the right to request erasure of your personal information, restriction of processing as it applies to you, object to processing and the right to data portability. You may also have the right to lodge a complaint with a supervisory authority.
- Consent and Withdrawal of Consent, GDPR art.7 :
By providing personal information to us, you understand and agree to the collection, processing, international transfer and use of such information as set forth in this Privacy Notice. Where required by applicable law we will ask your explicit consent. You may always object to the use of your personal information for direct marketing purposes or withdraw any consent previously granted for a specific purpose, free of charge by clicking on relevant links on our websites, following the directions contained in an email or by contacting our Privacy Office through the e-mail address email@example.com .
- Automated Decision-Making:
JCI respects your rights under law regarding automated decision-making.
- How to contact us:
If you would like to communicate with us regarding privacy issues or have questions, comments or complaints, please contact our Privacy Office writing to firstname.lastname@example.org .
- Modifications to our Privacy Notice:
We reserve the right to change, modify, and update this Privacy Notice at any time. Please check periodically to ensure that you have reviewed the most current notice.
This Privacy statement is effective as of: 25 May 2018