Johnson Controls Privacy Notice
Johnson Controls International plc. and its affiliated companies (collectively Johnson Controls, we, us or our) care about your privacy and are committed to protecting your personal information in accordance with fair information practices and applicable data privacy laws.
As a sign of our commitment to privacy, we have adopted a set of Binding Corporate Rules (“BCRs”). These contain our global privacy commitments, including our policy on transfers of personal information and associated individual privacy rights, with the aim of ensuring that your personal information is protected while processed by our affiliates around the world. These BCRs have been approved by the European Data Protection Authorities. You can consult our BCRs on the Privacy homepage.
2. Identity of Data Controller
3. Categories of personal information
4. Legal bases for processing
5. Purposes of processing
6. Recipients of personal information
7. International Transfers
9. Protection of Personal Information
10. Our websites
11. Your Rights
12. Consent and Withdrawal of consent
13. Automated Decision Making
14. How to Contact Us
15. Modifications to our Privacy Notice
16. Local addenda for certain countries
This Privacy Notice explains how we collect and use personal information. Personal Information means any information relating to an identified or identifiable natural person; one who can be identified, directly or indirectly, by reference to an identifier such as name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
We collect personal information in a variety of ways through our normal business activities, both online and offline. This includes, for example, when you place orders or purchase products or services, enter into agreements or communicate with us, or visit and use our websites. We also receive personal information from our customers in order to perform services on their behalf.
2. Identity of Data Controller:
To identify the Johnson Controls entity responsible for the processing of your personal information, you can ask your Johnson Controls business contact, consult the list of our locations on the Johnson Controls public website (www.johnsoncontrols.com) or contact our Privacy Office (email@example.com).
3. Categories of Personal Information:
Personal information that we may collect and process includes:
Contact Information that allows us to communicate with you, such as your name, job title, age and prefix, username, mailing address, telephone numbers, email address or other addresses that allow us to send you messages, company information and registration information you provide on our website.
Relationship Information that helps us do business with you, such as the types of products and services that may interest you, contact and product preferences, languages, creditworthiness, marketing preferences and demographic data.
Transactional information about how you interact with us, including purchases, inquiries, customer account information, order and contract information, delivery details, billing and financial data, details for taxes, transaction and correspondence history, and information about how you use and interact with our websites.
Security and Compliance Information that helps us to secure our interests, including information for conflict checks, fraud prevention and internal verification, as well as information necessary for the security of our premises, such as visual recordings.
Our products may collect system and event information relating to their setup, configuration and operation, as well as information collected by our products in their ordinary course of operation. This information may include sensor data, equipment data, data regarding building spaces, energy usage data, fault data, event data, environmental data, and other internal or external data as well as product usage information and product performance data. In some circumstances, this information may be Personal Data. In the case of video or security products, the information may also include video and audio signals and data. The nature and extent of the information collected by our products will vary based on the type and function of the product and the type of services for which they are used, subject to applicable laws.
4. Legal bases for Processing:
The performance of a contract with our customers and suppliers.
The legitimate interests of Johnson Controls, which are our usual business activities.
5. Purposes of Processing:
Fulfilling your orders for products or services and related activities, such as product and service delivery, customer service, account and billing management, support and training, product update and safety related notices, and to provide other services related to your purchase.
Managing our contractual obligations and your ongoing relationship with us, including interacting with you, analyzing and improving the products and services we offer, informing you about our products or services, as well as special offers and promotions.
Ensuring the security of our websites, networks and systems, and premises, as well as protecting us against fraud.
Managing our everyday business needs, such as payment processing and financial account management, product development, contract management, website administration, fulfillment, corporate governance, audit, reporting and legal compliance.
6. Recipients of Personal Information:
Third Parties: We may use third parties to provide or perform services and functions on our behalf. We may make personal information available to these third parties, to perform these services and functions. Any processing of that personal information will be on our instructions and compatible with the original purposes.
As Required by Law: We may also make personal information concerning individuals available to public or judicial authorities, law enforcement personnel and agencies as required by law, including to meet national security or law enforcement requirements, and including to agencies and courts in the countries where we operate. Where permitted by law, we may also disclose such information to third parties (including legal counsel) when necessary for the establishment, exercise or defense of legal claims or to otherwise enforce our rights, protect our property or the rights, property or safety of others, or as needed to support external audit, compliance and corporate governance functions.
Mergers & Acquisitions: Personal information may be transferred to a party acquiring all or part of the equity or assets of Johnson Controls or its business operations in the event of a sale, merger, liquidation, dissolution, or other.
Affiliates: We may also transfer and share such information to Johnson Controls affiliates in compliance with applicable law.
7. International Transfers:
The third parties, subsidiaries and affiliates to which your personal information can be disclosed may be located throughout the world; therefore information may be sent to countries having different privacy protection standards than your country of residence. In such cases, we take measures to ensure that your personal information receives an adequate level of protection, which include our Binding Corporate Rules, which set forth our high standards for processing personal information collected and processed by us globally, and Standard Contractual Terms to protect your personal information.
Johnson Controls complies with the EU-U.S. Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Johnson Controls Inc., together with Johnson Controls Battery Group Inc., Johnson Controls Advanced Power Solutions LLC, Johns Controls APS Productions Inc., Tyco integrated Security LLC, Sensormatic Electronics LLC, Exacq Technologies Inc., Tyco Fire Products LP, ShopperTrak RCT Corporation, WillFire HC LLC and York International Corp., have certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Notice and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
Johnson Controls has responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. Johnson Controls shall remain liable under the Privacy Shield Principles if its agent processes such personal information in a manner inconsistent with the Privacy Shield Principles, unless Johnson Controls proves that it is not responsible. You have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. For additional information please see: https://www.privacyshield.gov/article?id=ANNEX-I-introduction. The Federal Trade Commission has jurisdiction over Johnson Controls’ compliance with the Privacy Shield.
We will retain your personal information as long as necessary to achieve the purpose for which it was collected, usually for the duration of any contractual relationship and for any period thereafter as legally required or permitted by applicable law.
9. Protection of Personal Information:
Security measures for protecting personal information: We apply appropriate technical, physical and organizational measures that are reasonably designed to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, and against other unlawful forms of processing. Access to personal information is restricted to authorized recipients on a need-to-know basis. We maintain a comprehensive information security program that is proportionate to the risks associated with the processing. The program is continuously adapted to mitigate operational risks and to protect personal information, taking into account industry-accepted practices. We will also use enhanced security measures when processing any sensitive personal information.
How we protect personal information we process on behalf of our customers (as Data Processor): In some instances, we process personal information on behalf of our customers as a service (in a data processor capacity). We collect and process this personal information only as instructed by our customer and will not use or disclose it for our own purposes. We maintain information security controls to protect your information and will only disclose or transfer the personal information as instructed by the customer or to provide the requested service. Unless otherwise instructed by the customer, we treat the personal information we process on behalf of our customers in line with our commitments on disclosure and transfer as set forth in this notice.
10. Our websites:
Cookies, usage data and similar tools
When you visit our websites, we may collect certain information by automated means, using technologies such as cookies, pixel tags, browser analysis tools, server logs and web beacons. In many cases, the information we collect using cookies and other tools is used in a non-identifiable way, without any reference to personal information.
We may use Flash Cookies (also known as Local Stored Objects) and similar technologies to personalize and enhance your online experience. The Adobe Flash Player is an application that allows rapid development of dynamic content, such as video clips and animation. We use Flash cookies for security purposes and to help remember settings and preferences similar to browser cookies, but these are managed through a different interface than the one provided by your web browser. To manage Flash cookies, please see the Adobe website or visit www.adobe.com.We may use Flash cookies or similar technologies for behavioral targeted purposes or to serve interest-based advertising.
Our server logs may also collect information about how users utilize the websites (usage data). This data may include a user's domain name, language, type of browser and operating system, Internet service provider, Internet protocol (IP) address, the site or reference directing the user to the website, the website you were visiting before you came to our website and the website you visit after you leave our site, and the amount of time spent on the website. We may monitor and utilize usage data to measure the website's performance and activity, improve the website's design and functionality or for security purposes.
We may also use pixel tags and web beacons on our website. These are tiny graphic images placed on web pages or in our emails that allow us to determine whether you have performed a specific action. When you access these pages or open or click an email, the pixel tags and web beacons generate a notice of that action. These tools allow us to measure response to our communications and improve our web pages and promotions.
Where required by applicable law, you will be asked to consent to certain cookies and similar technologies before we use or install them on your computer or other device.
Data Sharing and Browser Do Not Track Requests: Because we do not (and do not permit others) to track our website visitors, we do not process web browser Do Not Track signals. To learn more about browser tracking signals and Do Not Track please visit http://www.allaboutdnt.org/.
Children: Our websites are not directed at children and we do not use our websites to knowingly solicit personal information from or market to children. If we learn that a child has provided personal information through one of our websites, we will remove that information from our systems.
Google Analytics: We may also use Google Analytics on our website to collect information about your online activity on our websites, such as the web pages you visit, the links you click, and the searches you conduct on our websites. We may use the information to compile reports and to help us improve the website. The cookies collect information in an anonymous form, including the number of visitors to the website, where visitors have come to the site from and the pages they visited. The information generated by those cookies and your current IP-address will be transmitted by your browser to and will be stored by Google on servers in the United States and other countries. Google will use this information on our behalf for the purpose of evaluating your use of our website as described above. The IP address collected through Google Analytics will not be associated with any other data held by Google. For more information about the information gathered using Google Analytics please visit http://www.google.com/intl/en/analytics/privacyoverview.html. You can prevent these cookies by selecting the appropriate settings on your browser. If you do this you may not be able to use the full functionality of our websites. You may download and install the Google Analytics Opt-out Browser Add-on available here: http://tools.google.com/dlpage/gaoptout.
Facebook Conversion Tracking: Our websites may utilize the Conversion Tracking Pixel service of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA (“Facebook”). This tool allows us to follow the actions of users after they are redirected to a provider’s website by clicking on a Facebook advertisement. We are thus able to record the efficacy of Facebook advertisements for statistical and market research purposes. The collected data remain anonymous. This means that we cannot see the personal data of any individual user. However, the collected data are saved and processed by Facebook. Facebook is able to connect the data with your Facebook account and use the data for their own advertising purposes, in accordance with Facebook’s Data Use Policy found under: https://www.facebook.com/about/privacy/. Facebook Conversion Tracking also allows Facebook and its partners to show you advertisements on and outside Facebook. In addition, a cookie will be saved onto your computer for these purposes. Only users over 13 years of age may give their permission. Please click here if you would like to revoke your permission: https://www.facebook.com/ads/website_custom_audiences/
11. Your Rights:
You may request to access, rectify, or update your inaccurate or out-of-date personal information by contacting our Privacy Office through the following link:JCI contact form. To the extent of applicable law, you may have the right to request erasure of your personal information, restriction of processing as it applies to you, object to processing and the right to data portability. You may also have the right to lodge a complaint with a supervisory authority.
12. Consent and Withdrawal of Consent:
By providing personal information to us, you understand and agree to the collection, processing, international transfer and use of such information as set forth in this Privacy Notice. Where required by applicable law we will ask your explicit consent.
You may always object to the use of your personal information for direct marketing purposes or withdraw any consent previously granted for a specific purpose, free of charge by clicking on relevant links on our websites, following the directions contained in an email or by contacting our Privacy Office through the following link:JCI contact form.
13. Automated Decision-Making:
JCI respects your rights under law regarding automated decision-making.
14. How to contact us:
If you would like to communicate with us regarding privacy issues or have questions, comments or complaints, please contact our Privacy Office, by clicking on the following link: JCI contact form.
In compliance with the Privacy Shield Principles, Johnson Controls commits to resolve complaints about our collection or use of your personal information. European Union and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact our Privacy Office at the above link. Johnson Controls has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland.
15. Modifications to our Privacy Notice:
We reserve the right to change, modify, and update this Privacy Notice at any time. Please check periodically to ensure that you have reviewed the most current notice.
16. Local addenda for certain countries:
We have extended the Privacy Notice with specific information for certain countries where required by applicable local law. You can find these complementary notices through the local addenda links on the Privacy homepage.