Would you like to explore our corporate site or visit your local website?Stay on Corporate site
This This privacy statement describes on general level how KONE Corporation (which shall include its subsidiaries, partners and its affiliates, "KONE") and the facility manager or the building owner (the “Manager”) which are offering you KONE Flow mobile app (the “App”) solely for your convenience and use for certain KONE digital services (the “KONE Services”) available at the designated building(s) (the “Building”) process your personal data.
For more information about the KONE Services available in the Building, please contact the Manager.
2. Privacy Statement
The following information is always collected from you when you start to use the App (either directly by KONE or by the Manager) , regardless of the KONE Services you are using with the App (the “User Profile”): your name, gender, country and preferred language, phone number and e-mail address; also, your password is stored in an encrypted format by KONE to enable your subsequent logins to the App. Other information described herein may also be collected about you when you use the App. The scope of other collected information is dependent on the KONE Services you are using with the App.
Following information is added (by the Manager) for you to be able to use the App in the Building (the “Access Permissions”): access permissions and permissions to grant keys or access to sub-users. If you are using the App for KONE Residential Flow service, also your address will be collected by the Manager.
Depending on the KONE Services you are using, you may be able to add following information by yourself through the App (the “User Preferences”): additional phone-number (for intercom use), inter-com username, walking speed, favorite floor, visitor keys or access and sub-users (sub-user information and data as entered by you includes but is not limited to name, username, number, date of birth and other information that you add). Creation and deletion of visitor keys or access and sub-users generates a timestamp and thus creates an audit log, which can be used by KONE, the Manager or third parties to investigate or verify security, safety or other incidents occurring during or related to the use of the App.
Log data about your use of KONE equipment via the App is stored in a format on your mobile device that can identify you personally. However, information about your usage of KONE equipment with the App is de-identified when transmitted to KONE. The App generates a randomized ID-number that is sent to the KONE back-end system in encrypted format to enable the connectivity functionalities of the KONE Services. KONE may access these ID-numbers when performing actions related to the KONE Services but the ID-number alone cannot identify you. The ID-numbers can be used by KONE or official authorities in individual cases to re-identify the user for security or safety purposes relating to the Building, its residents, or where the KONE Services are or have been compromised or breached or are endangered, or if re-identification is specifically allowed or required by applicable local legislation. If KONE is performing such re-identification, it will follow strict security controls and documentation requirements to ensure compliance with applicable data protection laws. (Log data referred to above and managed by KONE hereinafter the “Log Data”)
There may be Building specific configurations that may allow further Log Data gathering by or for the Manager (“Building Specific Logs”).
Following information is collected automatically if you are using the elevator call functionalities through the App (“Position Data”): approximate physical position when you are near the equipment. This location data is collected and used to enable the elevator call functionality through the App, but it is not retained by KONE. KONE collects Position Data to monitor for and prevent or correct misuse of the elevator call functionality.
The Building may be equipped with intercom device which includes online camera. Such device has a sticker with camera surveillance symbol on it, to inform the users of the camera functionality. The camera is not in its normal stage recording any footage. When a person rings the intercom, the video footage (without audio) is connected to the respective apartment’s main user’s mobile device through the App, meaning that the main user is able to see, who is ringing their intercom (the “Real Time Intercom Video”). If the user does not answer the intercom call, they may decide to take a still picture of the footage currently filmed by the intercom camera (i.e. picture of the person ringing the intercom) (the “Intercom Picture”). The user may also select from the App settings to store the Intercom Picture automatically, if they have missed the intercom call, to be able to afterwards check, who has tried to visit them. The Intercom Picture is only stored to the user’s own mobile device. KONE or the Manager cannot access the Intercom Pictures or the Real Time Intercom Video. If no mobile device is connected to the respective apartment, or if the device itself does not support video or picture formats, the Real Time Intercom Video or the Intercom Picture functionalities are not usable.
All information referred to above (User Profile, Access Permissions, User Preferences, Log Data, Position Data, Real Time Intercom Video and Intercom Picture) shall be hereinafter referred to collectively as “Personal Data”.
Besides identifiable data, KONE may also collect data analytics in anonymous format. Such data is generated automatically when you use the App and includes device description, model and operating system (of the device you are using the App with) and basic information about usage of the App (e.g. login and logout time, time spent using the App, most popular functionalities).
KONE’s role, legal ground and purpose for Personal Data processing
Unless otherwise informed to you, KONE is always the data controller for User Profile, User Preferences, Log Data and Position Data. For Access Permissions, KONE is acting as data controller in regards to the data management actions taken within KONE’s own IT systems and KONE’s own sphere of influence. However, KONE receives Access Permissions only from the Manager, who is responsible for the accuracy and correctness of the data as well as informing you the first time when this data is collected. Moreover, deletion of Access Permissions requires action from the Manager. For the Building Specific Logs, KONE is managing the data only on behalf of the Manager in the role of data processor.
Processing of Personal Data is based on KONE’s legitimate interests related to the purposes defined below. The purpose of collecting and processing of the Personal Data is to be able to provide the App and KONE Services for your use in the Building. This includes enabling the functioning of the App and your use of KONE equipment with the App; enabling communications between you and the Manager; analyzing and correcting any possible defects in the App, KONE Services or KONE equipment; monitoring and ensuring the security of the App, KONE Services, KONE equipment, the Building and Personal Data.
Processing of Personal data may also be performed by KONE or the Manager for Building security and safety, for identity and credential management, such as verification and authentication; for detecting, analyzing and resolving security threats; and for fraud detection and prevention.
In certain circumstances, KONE may process the Personal Data to de-identify or re-identify the data with or from the user; to make back-up copies for business continuity and disaster recovery purposes, and for corporate governance, including mergers, acquisitions and divestitures.
KONE may furthermore process Personal Data for analysis of how the App and KONE Services are being used to enable product, service and application development. From time to time, KONE may also need to process the Personal Data for purposes of internal auditing, analysis, reporting (e.g. security audits) or certifications (e.g. ISO certificates). KONE will anonymize the Personal Data before conducting the above described actions when possible.
As allowed or required by applicable laws, KONE may as use Personal Data in legal and administrative proceedings or for compliance, e.g. for fulfilling a request for a resolution or information by authorities, in submissions for court or for the establishment, exercise or defense of legal claims.
In case of Residential Flow Services, the Manager can collect, maintain and upkeep following Personal Data on behalf of KONE based on the agreement concluded between KONE and the Manager: your name, gender, country and preferred language, phone number and e-mail address, inter-com username, walking speed, favorite floor, permissions, created visitor keys and access and sub-users (with usernames). Moreover, if Access Permissions are needed for the use of KONE Services, the Manager shall always be liable for the accuracy and correctness of such data.
Processing of Personal Data is necessary for KONE to be able to provide you the App and for you to use KONE equipment and KONE Services in the Building with the App. If you do not approve of the collection and use of Personal Data or have requested KONE to stop the processing of your Personal Data, you may not use the App anymore, and you shall remove the App from any devices where you have installed it. In most cases, you can still use KONE equipment in the Building with alternative means (e.g. a key tag), but some elements of the KONE Service (e.g. the elevator call functionality) may not be available to you anymore. You may request more information of your options from the Manager.
KONE will store other Personal Data than log data until you inform KONE that you wish to stop using the App or KONE otherwise can verify you have ceased to use the App (e.g. App has been inactive for extensive period of time). However, the Access Permissions can be deleted by the Manager once you no longer are authorized to access the respective Building, or by KONE if the KONE Services are no longer provided in the Building. The retention time for Building Specific Logs will be defined by the Manager.
The collected Log Data is retained as allowed by applicable local data protection laws, however no longer than up to 1 year from collection.
The Real Time Intercom Video or Intercom Picture are not stored by KONE or the Manager. KONE or KONE's service provider may connect to the online camera during trouble shooting but will not record any footage.
In case Personal Data is processed for the establishment, exercise or defense of legal claims or for legal compliance, Personal Data is retained as long as necessary to resolve the case or demonstrate compliance, and thereafter the data is archived and retained as required or allowed by applicable laws and regulations.
Data transfers and disclosures
KONE or the Manager may use reliable subcontractors’ services when processing Personal Data for the abovementioned purposes. To the extent such subcontractors have access to Personal Data or host Personal Data, KONE and/or the Manager (as applicable) shall conclude agreements with the subcontractors to oblige the subcontractors to use the Personal Data only to the extent described in this Privacy Statement, and commit subcontractors to other relevant confidentiality, data privacy and data security obligations.
KONE Corporation and/or Manager may transfer Personal Data to its respective affiliates and subsidiaries. The transfer of Personal Data between i) KONE and the Manager or ii) either of them and a subcontractor or iii) either of them and one of their respective affiliates and subsidiaries for purposes of performing the services does not constitute the selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic means the Personal Data for monetary or other valuable consideration.
Due to the technical and practical requirements, some of the Personal Data is processed also outside the country where the Building is located (including outside EU/EEA area) by the subcontractors, Manager or KONE companies. KONE or Manager (as applicable) ensures that there is a legal basis for such transfers. You can get more information about the data transfers by contacting KONE or the Manager.
Your Personal Data may be disclosed to public authorities in situations where the applicable local law explicitly demands and allows for KONE or the Manager to do so.
The apartment number and intercom username you enter into the App or request the Manager to enter into the intercom management system, is visible in the displays located in the vicinity of the Building’s entrance(s).
You have a right to review the Personal Data collected on you, right to have incorrect Personal Data corrected and right to request deletion of Personal Data. Depending on the applicable law, you may also have a right to object to processing based on a specific individual circumstance and request data portability. You may use some of these rights through the App. If this is not possible, you may use these rights by contacting the Manager or KONE:
02150 Espoo, FINLAND
Telephone: +358 204 751
Attention: Data Privacy Counsel, Legal Affairs, firstname.lastname@example.org
In any requests relating to the Access Permissions or Building Specific Logs, please contact the Manager first, before contacting KONE.
In the event you have concerns or remarks regarding legality of Personal Data processing, you may lodge a complaint with a competent local data protection supervisory authority or pursue to enforce your legal rights in the absence in jurisdictions without such data protection supervisory authority.