Landis+Gyr EMEA Privacy Policy
Landis+Gyr Olympus AG is incorporated under the laws of Switzerland, with its registered address at Alte Steinhauserstrasse 18, 6330 Cham, Switzerland, and operates via its subsidiaries (collectively referred to as the “Company”), and may act as Data Controller or Data Processor.
The Company collects and processes Personal Data in the day-to-day operations of its business. This Privacy Policy (“Policy”) has been drafted and implemented in order to describe the Company’s practices and the relevant data privacy principles for the protection of Personal Data during the processing of Personal Data of its customers, contractors and other business partners (“Data Subjects”).
For the purposes of the scope of this Policy, Company shall mean Landis+Gyr Olympus AG and its affiliates (“Affiliates”), all considered as part of the group companies.
“Applicable Law” refers to the relevant country data protection law or applicable regulation relating to data protection.
“Personal Data” means any information relating to an identified or identifiable natural person;
“Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The Company is a global leader in smart grid and smart metering products and related services, and strives to be a good corporate citizen. The Company recognizes the relevant privacy rights, and complies with Applicable Law. Certain requirements may vary from an Affiliate to another depending on the Applicable Law. This Policy constitutes a global guideline to which the Company is committed and is an integral part of the Company’s internal codes of conduct.
The Company is committed to complying with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”), EU Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the Processing of Personal Data and the protection of privacy in the electronic communications sector, UK General Data Protection Regulation (Regulation (EU) (2016/679) ('UK GDPR') and the Data Protection Act 2018, the Swiss Federal Act on Data Protection 235.1 of 25 September 2020, the Personal Data Protection Act of India, and all other relevant data protection regulations where the company operates according to Applicable Law.
3| Collecting & Processing Personal Data
This Policy is applicable to the Company’s customers (including its customer’s end-users), suppliers and other business partners. The Company may process the following categories of Personal Data:
- Identity data: last name, first name, gender, nationality and date of birth
- Data relating to the product purchased: model, serial number, usage data
- Data relating to the service provided, including metering data
- Data relating to the feedback a partner provides
- Metering-related data, including electricity consumption
- Invoicing and customer relationship Personal Data
The Company does not collect information about medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs (considered "Sensitive Personal Data").
Personal Data may be processed on the legal basis of the execution of a contract or pre-contractual measures, which include:
- Fulfillment of the Company’s contractual obligations
- Provision of after-sales services after the purchase of a product by a customer
- Processing customer requests and service support
- Claims management
- Invoicing and billing management
Personal Data may also be processed on the basis of the Company’s legitimate interests, in particular in order to improve its products and services, customer experience and internal processes. The Processing includes:
- Marketing purposes (for example, sending newsletters or updates) within the context of our business-to-business relationship, in accordance with Applicable Law
- Interacting with the Data Subject such as for account and customer management purposes
- Conducting statistical/usage analysis
- Performing internal administrative functions
- Processing customer requests
- Improving security concerning the Protection of Personal Data, and preventing fraudulent activities
- Customer relationship management with Data Subjects
- Profiling to better manage customer relations, not subject to automated decision making
- Evaluation of data collected by our products
- Video-surveillance on the Company’s premises for security purposes
The Company may also process Personal Data on the basis of fulfilling legal obligations for due diligence know-your-customer requirements, depending on Applicable Law. In the event of marketing to prospective customers, as may be conducted by the Company or its partners, the Company will first obtain Data Subject consent and ensure provisions are made to opt-out of such marketing at any time.
If Personal Data covered by this Policy is to be used for a new purpose that is materially different from that for which the Personal Data was originally collected or subsequently authorized, or is to be disclosed to a third party in a manner not specified in this Policy, the Company will provide you with an opportunity to choose whether to have your Personal Data so used or disclosed. Requests to opt out of such uses or disclosures of Personal Data should be sent to the Company as specified in the "6| How to Contact Us" section below.
Personal Data will be kept for the duration of the Processing and in accordance with the Company’s Data Retention Policy and related Data Retention Schedule. Personal Data will be deleted as soon as the purpose of the Processing of Personal Data has been achieved as defined by the Data Retention Policy and Schedule but may be retained longer, if necessary, in order to comply with legal obligations or other Applicable Law or, if necessary, to protect or exercise the Company’s rights to the extent permitted by Applicable Law.
At the end of the retention period, and depending on the nature of the Personal Data, the Company may archive Personal Data to comply with Applicable Law for a limited period with restricted access.
The retention period may vary depending on the country where the Data Subject resides and on the Applicable Law.
Personal Data may be shared with other Company Affiliates, government agencies and third parties to meet the Company’s contractual obligations, for legitimate business reasons or as otherwise allowed or required by Applicable Law. Third parties who may process your Personal Data include our service providers acting as processors for the Company, providing the following services: data hosting, business productivity applications, customer service support software and customer relationship management software.
Government agencies may access Personal Data as the results of lawful requests, including to meet national security or law enforcement requirements.
The use of third parties may involve the transfer of Personal Data across country borders. Also, business processes may require the transfer of Personal Data within the Company internationally.
If Personal Data is processed within the EU/ EEA / UK, and in the event Personal Data is disclosed to third parties or to a country not considered as providing a sufficient level of protection according to Applicable Law then the Company will ensure, as necessary, that it:
- implements Standard Contractual Clauses (SCC) as approved by the EU Commission or as approved by another Supervisory Authority according to Applicable Law;
- takes supplementary measures, such as an adequacy assessment, or adopts a Data Processing Addendum.
For Personal Data not processed within the EU/EEA/UK, and in the event Personal Data are disclosed to third parties located outside the Data Subject’s jurisdiction, the Company will ensure it obtains the required consents, implements necessary safeguards to protect Personal Data, and / or obtains Supervisory Authority approval as may be required. Those mechanisms may differ depending on the country and relevant Applicable Law.
The Company implements security measures in order to protect Personal Data from security incidents and unauthorized disclosure. These security measures include, inter alia, access controls, password protection, encryption, security assessments and audits.
In the event of a data breach incident, the Company has procedures in place in order to:
- Investigate and analyze a Data Breach to determine its consequences on the rights and freedoms of the Data Subjects;
- Notify the competent authority and, if necessary, those affected if the rights and freedoms of the Data Subjects are at risk;
- Implement necessary measures to remediate and mitigate the Data Breach;
- Ensure traceability of the incident.
Appropriate measures may differ depending on Applicable Law.
4| Privacy rights related to Personal Data
In accordance with Applicable Law, any person whose Personal Data is processed by the Company has rights related to their data, including:
- Right of access
- Right to rectification
- Right to erasure, subject to regulatory limitations
- Objection or restriction of Processing
- Personal Data portability
- Object to automated individual decision-making
- Provide instructions on how to process Personal Data posthumously (as may be relevant based on Applicable Law)
The exercise of such rights is not absolute and is subject to the limitations provided by Applicable Law.
Depending on Applicable Law, the Data Subject may have the right to lodge a complaint with the competent Supervisory Authority in his or her jurisdiction if not satisfied by the Company’s response.
To exercise the above rights, the Data Subject may contact the Company as described in the section “6| How to contact us.”
The Company may need to update this Policy in order to comply with new regulatory requirements. An updated version of this Policy will be made available via an appropriate channel and will apply only to data collected and processed subsequent to its effective date.
6| How to contact us – complaint handling
For any concerns about this Policy or in order to exercise Data Subject rights, please contact the Company’s Data Protection Officer at the following address: Landis+Gyr Olympus AG – Data Protection Officer – Alte Steinhauserstrasse 18 – 6330 Cham – Switzerland.
