Privacy Policy

Johnson Controls Privacy Notice Johnson Controls International plc. and its affiliated companies (collectively Johnson Controls, we, us or our) care about your privacy and are committed to protecting your personal information in accordance with fair information practices and applicable data privacy laws. As a sign of our commitment to privacy, we have adopted a set of Binding Corporate Rules (“BCRs”). These contain our global privacy commitments, including our policy on transfers of personal information and associated individual privacy rights, with the aim of ensuring that your personal information is protected while processed by our affiliates around the world. These BCRs have been approved by the European Data Protection Authorities. You can consult our BCRs on the Privacy homepage. Sections: 1. Scope 2. Identity of Data Controller 3. Categories of personal information 2 agreements or communicate with us, or visit and use our websites. We also receive personal information from our customers in order to perform services on their behalf. 2. Identity of Data Controller: To identify the Johnson Controls entity responsible for the processing of your personal information, you can ask your Johnson Controls business contact, consult the list of our locations on the Johnson Controls public website (www.johnsoncontrols.com) or contact our Privacy Office (privacy@jci.com). 3. Categories of Personal Information: Personal information that we may collect and process includes:  Contact Information that allows us to communicate with you, such as your name, job title, age and prefix, username, mailing address, telephone numbers, email address or other addresses that allow us to send you messages, company information and registration information you provide on our website.  Relationship Information that helps us do business with you, such as the types of products and services that may interest you, contact and product preferences, languages, creditworthiness, marketing preferences and demographic data.  Transactional information about how you interact with us, including purchases, inquiries, customer account information, order and contract information, delivery details, billing and financial data, details for taxes, transaction and correspondence history, and information about how you use and interact with our websites.  Security and Compliance Information that helps us to secure our interests, including information for conflict checks, fraud prevention and internal verification, as well as information necessary for the security of our premises, such as visual recordings.  Our products may collect system and event information relating to their setup, configuration and operation, as well as information collected by our products in their ordinary course of operation. This information may include sensor data, equipment data, data regarding building spaces, energy usage data, fault data, event data, environmental data, and other internal or external data as well as product usage information and product performance data. In some circumstances, this information may be Personal Data. In the case of video or security products, the information may also include video and audio signals and data. The nature and extent of the information collected by our products will vary based on the type and function of the product and the type of services for which they are used, subject to applicable laws. 3 4. Legal bases for Processing:  The performance of a contract with our customers and suppliers.  The legitimate interests of Johnson Controls, which are our usual business activities. 5. Purposes of Processing:  Fulfilling your orders for products or services and related activities, such as product and service delivery, customer service, account and billing management, support and training, product update and safety related notices, and to provide other services related to your purchase.  Managing our contractual obligations and your ongoing relationship with us, including interacting with you, analyzing and improving the products and services we offer, informing you about our products or services, as well as special offers and promotions.  Ensuring the security of our websites, networks and systems, and premises, as well as protecting us against fraud.  Managing our everyday business needs, such as payment processing and financial account management, product development, contract management, website administration, fulfillment, corporate governance, audit, reporting and legal compliance. 6. Recipients of Personal Information:  Third Parties: We may use third parties to provide or perform services and functions on our behalf. We may make personal information available to these third parties, to perform these services and functions. Any processing of that personal information will be on our instructions and compatible with the original purposes.  As Required by Law: We may also make personal information concerning individuals available to public or judicial authorities, law enforcement personnel and agencies as required by law, including to meet national security or law enforcement requirements, and including to agencies and courts in the countries where we operate. Where permitted by law, we may also disclose such information to third parties (including legal counsel) when necessary for the establishment, exercise or defense of legal claims or to otherwise enforce our rights, protect our property or the rights, property or safety of others, or as needed to support external audit, compliance and corporate governance functions.  Mergers & Acquisitions: Personal information may be transferred to a party acquiring all or part of the equity or assets of Johnson Controls or its business operations in the event of a sale, merger, liquidation, dissolution, or other. 4  Affiliates: We may also transfer and share such information to Johnson Controls affiliates in compliance with applicable law. 7. International Transfers: The third parties, subsidiaries and affiliates to whic 5 Security measures for protecting personal information: We apply appropriate technical, physical and organizational measures that are reasonably designed to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, and against other unlawful forms of processing. Access to personal information is restricted to authorized recipients on a need-toknow basis. We maintain a comprehensive information security program that is proportionate to the risks associated with the processing. The program is continuously adapted to mitigate operational risks and to protect personal information, taking into account industry-accepted practices. We will also use enhanced security measures when processing any sensitive personal information. How we protect personal information we process on behalf of our customers (as Data Processor): In some instances, we process personal information on behalf of our customers as a service (in a data processor capacity). We collect and process this personal information only as instructed by our customer and will not use or disclose it for our own purposes. We maintain information security controls to protect your information and will only disclose or transfer the personal information as instructed by the customer or to provide the requested service. Unless otherwise instructed by the customer, we treat the personal information we process on behalf of our customers in line with our commitments on disclosure and transfer as set forth in this notice. 10. Our websites:  Cookies, usage data and similar tools When you visit our websites, we may collect certain information by automated means, using technologies such as cookies, pixel tags, browser analysis tools, server logs and web beacons. In many cases, the information we collect using cookies and other tools is used in a nonidentifiable way, without any reference to personal information. Cookies are small text files that a website transfers to your computer or other device’s hard drive through your web browser when you visit a website. We may use cookies to make website sign-in and usage more efficient, and to tailor your browsing preferences and improve the functionality of our websites. Cookies can be used for performance management, and for collecting information on how our website is being used for analytics purposes. They can also be used for functionality management, enabling us to make the user’s visit more efficient by, for example, remembering language preferences, passwords and log-in details. There are two types of cookies: session cookies, which are deleted from your device after you leave the website; and persistent cookies, which remain on your device for longer or until you delete it manually. We may use Flash Cookies (also known as Local Stored Objects) and similar technologies to personalize and enhance your online experience. The Adobe Flash Player is an application that 6 allows rapid development of dynamic content, such as video clips and animation. We use Flash cookies for security purposes and to help remember settings and preferences similar to browser cookies, but these are managed through a different interface than the one provided by your web browser. To manage Flash cookies, please see the Adobe website or visit www.adobe.com. We may use Flash cookies or similar technologies for behavioral targeted purposes or to serve interest-based advertising. Our server logs may also collect information about how users utilize the websites (usage data). This data may include a user's domain name, language, type of browser and operating system, Internet service provider, Internet protocol (IP) address, the site or reference directing the user to the website, the website you were visiting before you came to our website and the website you visit after you leave our site, and the amount of time spent on the website. We may monitor and utilize usage data to measure the website's performance and activity, improve the website's design and functionality or for security purposes. We may also use pixel tags and web beacons on our website. These are tiny graphic images placed on web pages or in our emails that allow us to determine whether you have performed a specific action. When you access these pages or open or click an email, the pixel tags and web beacons generate a notice of that action. These tools allow us to measure response to our communications and improve our web pages and promotions. You can change your browser settings to block or notify you when you receive a cookie, delete cookies or browse our website using your browser’s anonymous usage setting. Please refer to your browser instructions or help screen to learn more about how to adjust or modify your browser settings. If you do not agree to our use of cookies or similar technologies which store information on your device, you should change your browser settings accordingly. You should understand that some features of our websites may not function properly if you do not accept cookies or these technologies Where required by applicable law, you will be asked to consent to certain cookies and similar technologies before we use or install them on your computer or other device.  Data Sharing and Browser Do Not Track Requests: Because we do not (and do not permit others) to track our website visitors, we do not process web browser Do Not Track signals. To learn more about browser tracking signals and Do Not Track please visit http://www.allaboutdnt.org/.  Linked sites: We may provide links to third parties' websites (“linked sites”) from our websites. Linked sites are not necessarily reviewed, controlled or examined by us. Each linked site may have its own terms of use and privacy notice, and users must be familiar and comply with all such terms when using linked sites. We are not responsible for the policies and practices of 7 any linked site, or any additional links contained in them. These links do not imply our endorsement of the linked sites or any company or service and we encourage users to read these linked sites’ terms and notices prior to using them.  Children: Our websites are not directed at children and we do not use our websites to knowingly solicit personal information from or market to children. If we learn that a child has provided personal information through one of our websites, we will remove that information from our systems.  Google Analytics: We may also use Google Analytics on our website to collect information about your online activity on our websites, such as the web pages you visit, the links you click, and the searches you conduct on our websites. We may use the information to compile reports and to help us improve the website. The cookies collect information in an anonymous form, including the number of visitors to the website, where visitors have come to the site from and the pages they visited. The information generated by those cookies and your current IP-address will be transmitted by your browser to and will be stored by Google on servers in the United States and other countries. Google will use this information on our behalf for the purpose of evaluating your use of our website as described above. The IP address collected through Google Analytics will not be associated with any other data held by Google. For more information about the information gathered using Google Analytics please visit http://www.google.com/intl/en/analytics/privacyoverview.html. You can prevent these cookies by selecting the appropriate settings on your browser. If you do this you may not be able to use the full functionality of our websites. You may download and install the Google Analytics Opt-out Browser Add-on available here: http://tools.google.com/dlpage/gaoptout.  Google Remarketing Technology: Our websites may use Google’s remarketing technology. This technology enables users who have already visited our online services and shown interest in our services to see targeted advertising on the websites of the Google partner network. Likewise users that are similar to the visitors of our website can be addressed. The information generated by the cookie about the website use will be transmitted to and stored on servers in the United States by Google. In the event that the IP address is transferred, it will be reduced by the last 3 digits. Using cookies, the user behavior on a website can be analyzed and subsequently utilized to provide targeted product recommendations and advertising based on the user’s interests. If you would prefer to not receive any targeted advertising, you can deactivate the use of cookies for these purposes through Google by visiting the website: https://www.google.com/settings/ads/. Alternatively, users can deactivate the use of cookies by third party providers by visiting the Network Advertising Initiative’s deactivation website (http://www.networkadvertising.org/choices/). Please note that Google has its own data protection policy which is independent of our own. We assume no responsibility or liability for their policies and procedures. Please read Google’s privacy policy before using our websites (https://www.google.com/intl/en/policies/privacy/). 8  Facebook Conversion Tracking: Our websites may utilize the Conversion Tracking Pixel service of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA (“Facebook”). This tool allows us to follow the actions of users after they are redirected to a provider’s website by clicking on a Facebook advertisement. We are thus able to record the efficacy of Facebook advertisements for statistical and market research purposes. The collected data remain anonymous. This means that we cannot see the personal data of any individual user. However, the collected data are saved and processed by Facebook. Facebook is able to connect the data with your Facebook account and use the data for their own advertising purposes, in accordance with Facebook’s Data Use Policy found under: https://www.facebook.com/about/privacy/. Facebook Conversion Tracking also allows Facebook and its partners to show you advertisements on and outside Facebook. In addition, a cookie will be saved onto your computer for these purposes. Only users over 13 years of age may give their permission. Please click here if you would like to revoke your permission: https://www.facebook.com/ads/website_custom_audiences/ 11. Your Rights: You may request to access, rectify, or update your inaccurate or out-of-date personal information by contacting our Privacy Office through the following link: JCI contact form. To the extent of applicable law, you may have the right to request erasure of your personal information, restriction of processing as it applies to you, object to processing and the right to data portability. You may also have the right to lodge a complaint with a supervisory authority. 12. Consent and Withdrawal of Consent: By providing personal information to us, you understand and agree to the collection, processing, international transfer and use of such information as set forth in this Privacy Notice. Where required by applicable law we will ask your explicit consent. You may always object to the use of your personal information for direct marketing purposes or withdraw any consent previously granted for a specific purpose, free of charge by clicking on relevant links on our websites, following the directions contained in an email or by contacting our Privacy Office through the following link: JCI contact form. 13. Automated Decision-Making: JCI respects your rights under law regarding automated decision-making. 14. How to contact us: 9 If you would like to communicate with us regarding privacy issues or have questions, comments or complaints, please contact our Privacy Office, by clicking on the following link: JCI contact form. In compliance with the Privacy Shield Principles, Johnson Controls commits to resolve complaints about our collection or use of your personal information. European Union and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact our Privacy Office at the above link. Johnson Controls has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland. 15. Modifications to our Privacy Notice: We reserve the right to change, modify, and update this Privacy Notice at any time. Please check periodically to ensure that you have reviewed the most current notice. 16. Local addenda for certain countries: We have extended the Privacy Notice with specific information for certain countries where required by applicable local law. You can find these complementary notices through the local addenda links on the Privacy homepage.