A. O. Smith Corporation: Privacy Policy


Last Modified: 10/1/2024

A. O. Smith Corporation and its subsidiaries and affiliates (collectively, “A. O. Smith,” “our,” or “we”) respect your concerns about privacy. This Privacy Policy describes the types of personal information we collect about individuals through certain of our products and services, websites and mobile apps, how we may use the information, with whom we may share it, and the choices available regarding our use of the information. The Privacy Policy also describes the measures we take to safeguard the personal information, how long we retain it, and how individuals can contact us about our privacy practices and to exercise their rights.

This Privacy Policy applies to information we collect through our products and services, including our websites and mobile apps listed here (collectively, the “Services”). This policy includes our Services located in Europe and Asia. If our Services have a separate privacy policy or notice, that policy or notice and not this one applies.

How We Collect Personal Information

From you. We may collect personal information and other information that you provide to us when you make a purchase, sign up for emails, create an account, or otherwise use our products or Services.

From devices. This includes information collected through our Services and automatically from devices you use to connect to our Services.

From third parties and publicly available sources. This includes personal information from public sources and from social networks when you interact with us using those services, including social sharing, social media sites, and websites from our service providers, resellers of marketing data, vendors, our affiliates, or other individuals and businesses.

Types of Personal Information We May Collect From You

Depending on how you interact with us, we may collect the following information:

  • Contact Information, such as name, company name, title, phone number, zip or postal code, and email and postal address;
  • Account Information, such as information used to create your online account and other account-related information (such as username and password, nickname for a device or product, security questions and answers and any content you choose to store in your account);
  • Product Registration Information, including model number, serial number, type of installation, and date of installation;
  • Product Setup and Registration Information, such as the name or description of your A. O. Smith product, the location where you install your product, and adjustments you make to the product setup;
  • Technical Information about your A. O. Smith Product, such as your product’s model, serial number, barcode and software version;
  • Information about your A. O. Smith Product Configurations and Performance Data, including but not limited to water heater and boiler or water treatment appliance configuration, settings (including temperature, fan speed, voltage and pump information), water quality data, water consumption data, operating status, run time information, leak information, fault history, water sensor data, and service notices;
  • Payment Information, such as name, billing address and payment card details (including card number, expiration date and security code), which is collected and stored by a third-party payment processor on our behalf;
  • Visual Information, such as images captured from a CCTV camera;
  • Contest and Survey Information, such as details you provide through contests and surveys;
  • Information from Posts You Write, such as information contained in blog post comments and product reviews you submit;
  • Social Media Information, such as social media handles, personal account information, personal preference information, contact information, content and other data offered to us or shared with us through third-party features that you use on our Services (such as apps, tools, payment services, widgets and plug-ins offered by social media services like Facebook, Instagram, LinkedIn, Twitter, WeChat, Weibo and YouTube) or posted on social media pages (such as our social media page or other pages accessible to us);
  • Internet Usage Information, such as browsing history, search history, web-based location, IP address, and any other Internet usage information our Services may automatically record when you visit;
  • Device information, such as browser or device model and settings, operating system, and unique identifiers;
  • Inferences, such as inferences drawn from any of the personal information identified;
  • Criminal Personal information, such as fraudulent behavior. We will solely process such data when we identify fraud and other criminal or illegal activity activities;
  • Other Personal Information, such as personal information contained in content you submit, such as through our “Contact Us” feature or customer support tools, Refer a Friend programs, the A. O. Smith Contractor Portal, the Enterprise Portal, Service Provider Enrollment, LochinvarU, in the Chinese market sales agency stores and the Advertising Resource Center; and
  • Professional Information, such as information you submit in connection with a career opportunity at A. O. Smith, such as contact details, information in your resume, and details about your current employment.

We sometimes need to collect and use your personal information to enter into a contract with you or to perform our obligations under a contract with you, or because the law requires us to collect the personal information. You are not required to provide this information but, if you choose not to do so, we may not be able to enter into a contract with you or offer you certain Services and related features. In this case, we might have to cancel the contract or Service you have with us but we will notify you if this is the case at the time.

How We Use Your Personal Information

We may use or disclose the information we collect through the Services or from third parties for the purposes and, to the extent the (UK) GDPR (as defined and further explained in section ‘Additional Information For Individuals Located in the UK and EEA’ below) applies, on the basis of the legal grounds set out below:

  • fulfill or meet the reason you provided the information;

Legal grounds: contract performance; legitimate interests (to run our business).

  • provide our products and services to you;

Legal grounds: contract performance; legitimate interests (to run our business).

  • establish and manage your account;

Legal grounds: contract performance; legitimate interests (to establish and manage the relationship with you).

  • process and fulfill claims and orders in connection with our products and Services, and keep you informed about the status of your order;

Legal grounds: contract performance; legitimate interests (to run our business).

  • improve and customize your experience with the Services;

Legal grounds: legitimate interests (to ensure the quality of Services).

  • identify and authenticate you so you may use the Services;

Legal grounds: contract performance; legitimate interests (to enable us to verify your information).

  • send you notifications and alerts (including status updates and fault alerts) related to your use of our products and Services, including our Con-X-Us app or iCOMM system;

Legal grounds: contract performance; legitimate interests (to run our business).

  • send you newsletters and other communications if you sign up to receive them;

Legal grounds­: depending on the type of communication and our relationship with you, consent at the time we collect your data; legitimate interests (to promote and market our business).

  • market our products to you and provide you with promotions, including special deals, coupons, discounts and chances to win contests;

Legal grounds: depending on the type of marketing and our relationship with you, consent at the time we collect your data; legitimate interests (to promote and market our business).

  • serve you targeted advertising or content;

Legal grounds: depending on the type of marketing and our relationship with you, consent at the time we collect your data; legitimate interests (to promote and market our business).

  • conduct marketing and market research;

Legal grounds: legitimate interests (to enable us to improve our Services and ensure quality control).

  • communicate with you about, and administer your participation in, surveys and market research;

Legal grounds: legitimate interests (to enable us to improve our Services and ensure quality control).

  • respond to your requests and inquiries and provide customer support

Legal grounds: contract performance; legitimate interests (to address queries or complaints to or about our business and improve our Services and ensure quality control).

  • manage career opportunities;

Legal grounds: (preparation of) contract performance, legal obligations and legitimate interests (to enable us to effectively recruit staff).

  • manage contractor and service provider relationships;

Legal grounds: contract performance, legitimate interest (to run our business).

  • operate, evaluate and improve our business (including developing new products; enhancing and improving our Services; managing our communications; analyzing our user base and Services; performing data analytics and market research; and performing accounting, auditing and other internal functions);

Legal grounds: legitimate interest (to ensure the quality of Service and enable us to operate, evaluate and improvise our Services and business and ensure quality control).

  • evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of A.O. Smith’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by A.O. Smith is among the assets transferred;

Legal grounds: legitimate interests (in order to allow us to change our business).

  • detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and prosecute those responsible for that activity;

Legal grounds: legal obligations and legitimate interests (to enable us to ensure the security of our systems, protect our business and to assist with the prevention of crime and fraud). Where personal data relating to criminal convictions or offences is processed, we will limit such processing to what is authorized by applicable law, for example (where possible) by relying on substantial public interest (fraud prevention) or legal claims, as applicable.

  • protect against, identify and prevent fraud and other criminal activity, claims and other liabilities; and,

Legal grounds: legal obligations and legitimate interests (to protect our business, to assist with the prevention of crime and fraud and to exercise, establish or defend legal claims). Where personal data relating to criminal convictions or offences is processed, we will limit such processing to what is authorized by applicable law, for example (where possible) by relying on substantial public interest (fraud prevention) or legal claims, as applicable.

  • comply with and enforce applicable legal requirements, relevant industry standards and our policies, including this Privacy Policy and A. O. Smith’s Terms and Conditions, carry out our contractual obligations; and process your information as described by you when collecting your personal information, with your consent, or as otherwise set forth under applicable law.

Legal grounds: contract performance, legal obligations, consent and legitimate interests (to enable us to effectively ensure policy and industry standards compliance).

For more information on the legal grounds, please refer to the section ‘Why we use your personal information’ under ‘Additional Information For Individuals Located in the UK and EEA’ below.

How We Disclose Personal Information

We do not disclose personal information we obtain about you, except as described in this Privacy Policy. We may collect, use, retain, disclose, and store personal information collected from or about you with any of the following entities and for any of the following purposes:

  • Service Providers and Advertising PartnersWe may provide personal information to vendors, order fulfillment vendors, text messaging and other communications vendors, product installation and services and data analytics vendors, payment processors, contractors, business and service partners, or other third parties, such as advertising partners or other marketing partners who provide services to us, including analysis firms, advertisers, and others.
  • Subsidiaries and affiliates.
  • Government, regulatory, or law enforcement agencies. We reserve the right to disclose your information to respond to valid information requests from government authorities and judicial requests, to investigate potential fraud or suspect/actual illegal activity, or where otherwise required by law. We may also disclose your personal information where we believe the disclosure is necessary or appropriate to comply with regulatory or legal requirements, or to protect the safety, rights, or property of ourselves and others and to exercise, establish, or defend legal claims.
  • In connection with a merger, acquisition, or business transfer. If we sell all or a part of our company, are part of a merger, consolidation, restructuring, sale of company stock, and/or sale of assets or other corporate change, your information may be transferred as part of that transaction.
  • At your direction. We may disclose your personal information at your direction or with your consent.
  • Aggregate DataWe may disclose your personal information in an aggregated or non-identifying form or otherwise in a form that cannot reasonably be used to identify you.

Children's Privacy

You must be 18 years or older to use our Services. Our Services are for a general audience, are not targeted to children, and do not knowingly collect personal information from children under 18 years of age.

Other Online Services and Third-Party Features

Our Services may provide links to other online services and websites for your convenience and information, and may include third-party features such as apps, tools, widgets and plug-ins. These services, websites, and third-party features may operate independently from us. The privacy practices of these third parties, including details on the information they may collect about you, are subject to the privacy statements of these parties, which we strongly suggest you review. To the extent any linked online services or third-party features are not owned or controlled by us, we are not responsible for these third parties’ information practices.

CCTV

We use CCTV video recording to protect the physical security of our property and Services in line with applicable laws. We do this to comply with our contractual obligations (e.g., with customers and insurers) and our internal physical security policies to safeguard our properties, workplaces, people and data.

Your Advertising Choices

When you use our Services, our third-party advertising partners, social media providers, and analytics providers may collect personal information about your online activity on our Services and on third party websites.

Where required by applicable law, we will obtain your consent for the processing of your personal information for direct marketing purposes and you may revoke your consent at any time. You may see our ads on other websites or mobile apps because we use ad tech partners to serve and target ads for our products and services to you on various other websites, mobile apps, and online services. Using ad tech partners allow us to target our messaging to users considering demographic data, users’ inferred interests and browsing context. Ad tech partners track users’ online activities over time by collecting information through automated means, including through the use of browser cookies, web beacons, device identifiers, server logs, web beacons and other similar technologies (as discussed further below). This information is used by our ad tech partners to deliver ads that may be tailored to individuals’ interests, to track users’ browsers or devices across multiple websites and apps, and to build a profile of users’ online browsing and app usage activities. The information our ad tech partners may collect includes data about users’ visits to websites and apps, such as the pages or ads viewed and the actions taken on websites or apps. This data collection takes place both on our Services and websites and on third-party websites and apps. We also use ad tech partners to measure the effectiveness of our marketing efforts.

If you would like more information about this practice, and to know your choices with respect to it, please either visit the Digital Advertising Alliance’s opt-out page (currently available at http://www.aboutads.info/choices/) or the Network Advertising Initiative’s opt-out page (currently available at http://www.networkadvertising.org/choices/). Please note that you may continue to receive generic ads that are not based on your preferences.

Your Marketing Preferences

We may periodically send promotional materials or notifications related to our Services. Where required by applicable law, we will obtain your consent for the processing of your personal information for this purpose. If you no longer wish to receive promotional marketing materials from us, you may opt out of receiving such materials. You may unsubscribe from receiving marketing or other commercial emails from us by following the instructions included in the email.

You may elect to receive SMS text messages from us. When you sign up to receive text messages, we will send you information about promotional offers and more. These messages may use information automatically collected based on your actions while on our sites and may prompt messaging such as cart abandon messages. To the extent you voluntarily opt to have Text notifications sent directly to your mobile phone, we receive and store the information you provide, including your telephone number or when you read a text message. You may opt out of receiving text messages at any time by texting “STOP” to our text messages. For more information about text messages, see our Terms and Conditions.

Information Security

We use appropriate technical and organizational measures designed to safeguard information in its possession against loss, theft, unauthorized use, disclosure, or modification. However, the confidentiality of information transmitted over the Internet cannot be guaranteed. We urge you to exercise caution when transmitting personal information over the internet. We cannot guarantee that unauthorized third parties will not gain access to your information; therefore, when submitting personal information to us, you do so at your own risk.

Cookies and Similar Technologies

When you use our Services or open our emails, we may obtain certain information by automated means, such as browser cookies, web beacons, "localStorage", device identifiers, server logs, and other technologies. The information we obtain in this manner may include your device IP address, domain name, identifiers associated with your devices, device and operating system type and characteristics, web browser characteristics, language preferences, clickstream data, your interactions with our Services (such as the web pages you visit, links you click and features you use), the pages that led or referred you to our Services, dates and times of access to our Services, and other information about your use of our Services. We also may receive your device’s geolocation and other information related to your location through GPS, Bluetooth, WiFi signals and other technologies for certain purposes listed below, such as to provide you with our Services. Your device may provide you with a notification when the Services attempt to collect your precise geolocation.

A “cookie” is a piece of data that websites send to a visitor’s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. Cookies can be stored in the browser by us, when you visit our sites, as well as by the service providers and ad tech partners we use on the site. Another technology we use, "localStorage", is similar to a cookie and stores data in the browser and can be accessed by the party that stored the data. A “web beacon,” also known as a script tag, pixel tag or clear GIF, links web pages to web servers and their cookies and may be used to transmit information collected through cookies back to a web server. We and our third-party service providers may use beacons in emails to help us track response rates, identify when our emails are accessed or forwarded, and for other purposes listed below.

All of these technologies help us (1) remember your information so you will not have to re-enter it; (2) track and understand how you use and interact with the Services; (3) tailor the Services around your preferences; (4) measure the usability of the Services; (5) understand the effectiveness of our communications; and (6) otherwise manage and enhance the Services.

To the extent required by applicable law, we will obtain your consent before placing cookies or similar technologies on your computer. Most web browsers will tell you how to stop accepting new browser cookies, how to be notified when you receive a new browser cookie and how to disable existing cookies. You can find out how to do this for your particular browser by clicking “help” on your browser’s menu or by visiting www.allaboutcookies.org. In addition, your mobile device settings may allow you to prohibit mobile app platforms (such as Apple and Google) from sharing certain information obtained by automated means with app developers and operators such as us. Please note that without cookies or other automated tools we used to collect this type of data (such as geolocation data), you may not be able to use all the features of our Services.

Some browsers permit the user to send a “Do Not Track” (“DNT”) signal to websites that the user visits indicating that the user does not wish to be tracked over time and across websites. Because there is not yet a common understanding of how to interpret the DNT signal, we do not currently respond to that signal on our websites. We do, however, respond to global privacy preferences when required by law.

Third-Party Web Analytics Services

Through our Services, we may obtain personal information about your online activities over time and across third-party apps, websites, devices and other online services. On our Services, we use third- party online analytics services. The service providers that administer these analytics services use automated technologies to collect data (such as email address, IP addresses, cookies and other device identifiers) to evaluate, for example, use of our Services, to diagnose technical issues and to serve ads. Please note that by blocking any or all cookies you may not have access to certain features, content or personalization available through our Services.

Online Tracking and Interest-Based Advertising

When you use our Services, our third-party advertising partners, social media providers, and analytics providers may collect personal information about your online activity on our Services and on third party websites.

These providers may set web tracking tools (e.g., cookies and web beacons, as discussed further below) to collect information regarding your online activity. In addition, our advertising partners may use this information to deliver advertisements to you when you visit third party websites within their networks. If you would like more information about this practice, and to know your choices with respect to it, please either visit the Digital Advertising Alliance’s opt-out page (currently available at http://www.aboutads.info/choices/) or the Network Advertising Initiative’s opt-out page (currently available at http://www.networkadvertising.org/choices/). In the European Union, please visit www.youronlinechoices.eu.

Please note that you may continue to receive generic ads that are not based on your preferences.

Additional Information For Residents of California, Virginia, Colorado, Connecticut, and Other U.S. States with Similar Privacy Laws

Residents of Virginia, Colorado, Connecticut, other U.S. states with similar privacy laws, and California (including those California residents acting in their business capacity) have certain rights with respect to their Personal Information, as described below. We have provided detailed descriptions above in the “How We Collect Personal Information,” “Types of Personal Information We May Collect From You,” “How We Use Your Personal Information,” and “How We Disclose Personal Information” sections of this Privacy Policy. For purposes of this Section, “Personal Information” is synonymous with “personal data” and generally means information that identifies, relates to, or describes a particular in-scope state resident.

Some states define “sale” as the exchange of information for monetary consideration, while other states define “sale” as providing your information in exchange for valuable consideration, which may or may not be monetary. We do not “sell” Personal Information, as defined under California and other similar state privacy laws. However, we do engage in targeted advertising, which helps to serve you with A.O. Smith ads when you are not on our site.

In addition, we may process each category of Personal Information in order to protect A.O. Smith’s and others’ rights, and/or to complete a merger, bankruptcy, sale of assets, or other corporate transaction, which is not included in the definition of “sale” under California or other similar state privacy laws. Please see the “How We Use Your Personal Information” and “How We Disclose Your Personal Information” sections above for more details about our purposes for processing, including how other parties may process Personal Information.

Based on your interactions with us, we may not have collected, disclosed, “shared”, “sold”, or processed for purposes of targeted advertising each (or any) of these categories of Personal Information for each listed purpose.

What We Collected, Disclosed, Shared/Sold, and/or Processed for Targeted Advertising

The chart below indicates the categories of Personal Information that we have collected, disclosed (or have enabled you to disclose), “shared” (under California law), processed for the purposes of targeted advertising (e.g., under Texas law), or “sold” (e.g., under California, Colorado, and Connecticut laws); and the categories of third parties to whom each category of Personal Information was disclosed, “shared”, “sold”, or processed for targeted advertising purposes. Please note that we process Personal Information in connection with certain types of advertisements, which could be considered “sharing” under California law or “selling” under other state privacy laws (e.g., California, Colorado, and Connecticut). Additionally, we do not knowingly “share” or “sell” Personal Information of minors under 16 years of age.

CATEGORY CATEGORIES OF PARTIES TO WHOM INFORMATION IS DISCLOSED CATEGORIES OF THIRD PARTIES TO WHOM INFORMATION IS SOLD AND/OR SHARED VIRGINIA, COLORADO, CONNECTICUT, AND OTHER STATES WITH SIMILAR PRIVACY LAWS: PROCESSED FOR TARGETED ADVERTISING
Identifiers, such as a name, postal address, online identifier, IP address, email address, account name, or other similar identifiers. Subsidiaries and affiliates, service providers, fulfillment providers, text messaging and communication providers, product installation, law enforcement (if necessary). Ad partners and advertising technology companies. Analytics providers. Yes.
Characteristics of protected classifications under federal, California, and other similar state privacy laws, such as age or gender. Subsidiaries and affiliates, service providers, fulfillment providers, text messaging and communication providers, product installation, law enforcement (if necessary). Ad partners and advertising technology companies. Analytics providers. Yes.
Categories of personal information, including as described in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). Subsidiaries and affiliates, service providers, fulfillment providers, text messaging and communication providers, product installation, law enforcement (if necessary). Ad partners and advertising technology companies. Analytics providers. Yes.
Commercial information, such as product registration information, purchase information, and information about your A. O. Smith product configurations and performance data. Subsidiaries and affiliates, service providers, fulfillment providers, text messaging and communication providers, product installation, law enforcement (if necessary). Ad partners and advertising technology companies. Analytics providers. Yes.
Internet or other electronic network activity information, such as social media, browsing history, search history, and information regarding a consumer’s interaction with an internet website application, or advertisement. Subsidiaries and affiliates, service providers, fulfillment providers, text messaging and communication providers, product installation, law enforcement (if necessary). Ad partners and advertising technology companies. Analytics providers. Yes.
Geolocation data. Subsidiaries and affiliates, service providers, fulfillment providers, text messaging and communication providers, product installation, law enforcement (if necessary). N/A. No.
Audio, electronic, visual, thermal, olfactory, or similar information. Subsidiaries and affiliates, service providers, fulfillment providers, text messaging and communication providers, product installation, law enforcement (if necessary). N/A. No.
Professional or employment-related information (such as information you submit in connection with a career opportunity at A. O. Smith). Subsidiaries and affiliates, service providers, fulfillment providers, text messaging and communication providers, product installation, law enforcement (if necessary). N/A. No.
Education information, (such as non-public education information per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Subsidiaries and affiliates, service providers, fulfillment providers, text messaging and communication providers, product installation, law enforcement (if necessary). N/A. No.
Inferences, such as those drawn from any of the information identified herein to make a profile or summary about, for example, an individual’s preferences, behavior, characteristics, and attitudes. Subsidiaries and affiliates, service providers, fulfillment providers, text messaging and communication providers, product installation, law enforcement (if necessary). Ad partners and advertising technology companies. Analytics providers. Yes.


Sensitive Personal Information. We do not process “sensitive” Personal Information for purposes other than those specified in applicable law (such as to provide the Services you requested or to prevent, detect, and respond to security incidents).

Data Retention. We will retain Personal Information from or about you for the period reasonably necessary and proportionate to fulfill the purpose(s) for which the Personal Information was collected or processed as outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Purposes

We may use this Personal Information and/or disclose it to third parties for the following purposes, including commercial purposes:

  • to operate, manage, and maintain our business and for the various purposes listed or described in this privacy policy in the section entitled “How We Use Your Personal Information” above;
  • to provide our Services;
  • developing, improving, repairing, and maintaining our Services;
  • understanding user flows and navigation of our Services;
  • personalizing, advertising, and marketing Services;
  • conducting research, analytics, and data analysis;
  • maintaining our facilities and infrastructure;
  • quality and safety assurance measures;
  • conducting risk and security controls and monitoring;
  • detecting and preventing fraud;
  • performing identity verification;
  • performing accounting, audit, and other internal functions;
  • complying with the law, legal process, and internal policies;
  • maintaining records; and
  • exercising and defending legal claims.

Sources of Personal Information

We collect this Personal Information directly from residents of California, Virginia, Colorado, Connecticut, and other states with similar privacy laws themselves, as well as from social media platforms (e.g., if the individual has connected a social media account to our website); referrals; joint marketing, co-branding, co-promotional, or advertising partners; and sources of demographic and other information, including through devices you used to interact with us through our Services. All sources of Personal Information collected are noted in the “How We Collect Personal Information” and “Types of Personal Information We May Collect From You” sections above.

Your Privacy Rights Under Applicable State Law

If you are a resident of California, Virginia, Colorado, Connecticut, or other state with a similar privacy law, you may have the following rights with respect to Personal Information, as described below.

We are required by law to verify your identity depending on the type of request in order to prevent unauthorized access of your data. We verify your identity through a challenge response. Failure to verify your identity may result in your request not being processed. Where required by applicable law, we will notify you if we deny your request and notify you of the reasons we are unable to honor your request.

Right to Know and Access Personal Information: You may request to confirm whether we are processing Personal Information about you and request to access information we have collected and maintain about you. If your request is granted, we will provide you with a copy of the Personal Information we have collected and maintained about you in a portable manner. .

Please note that, in some instances, we may decline to honor your request or only honor your request in part, where, for example, we are unable to verify your identity or an exception to this right applies.

Deletion of Personal Information: You may request that we delete the Personal Information we have collected from you. Please note that, in some instances, we may decline to honor your request or only honor your request in part, where, for example, we are unable to verify your identity or an exception to this right applies.

Opt Out Rights: Depending on the state you reside in, you may have the right to opt out of the “sale” of your data and/or the disclosure of your data for cross-context behavioral advertising/targeted advertising (known as a “share” in California).

Additionally, if you are a California resident, you may have the right to opt out of profiling in certain circumstances. If you are a resident of Virginia, Colorado, Connecticut, or other state with a similar privacy law, you have the right to opt out of profiling in furtherance of solely automatized decisions that produce legal or similarly significant effects.

In order for you to exercise this right, please fill out our "Do Not Sell or Share My Personal Information" form.

Correction of Inaccurate Personal Information: You have a right to request the correction of inaccurate Personal Information that we may have on file about you. Please note that, in some instances, we may decline to honor your request or only honor your request in part, where, for example, we are unable to verify your identity or an exception to this right applies.

Non-Discrimination: You have the right to be free from unlawful discrimination for exercising your above-listed rights under the laws of California and other states with similar privacy laws.

Right to Appeal: Depending on your state of residence, you may have the right to request an appeal if we decline to take action in response to your consumer request.

To Exercise Rights:

In order to exercise your right to opt out of Targeted Advertising or the “Sale” or “Sharing” of your Personal Information, please visit our "Do Not Sell or Share My Personal Information" page.

In order to exercise your other rights described above, please email us at InfoSecpolicy@aosmith.com or submit this web form. Additionally, we may need to obtain information about you or your specific request in order to verify your identity and respond.

Authorized Agent

Depending on your state of residence, you may use an authorized agent to exercise a privacy right discussed above. If you are an authorized agent acting on behalf of a consumer residing in California or other state with a similar privacy law, you must be able to demonstrate that you have the requisite authorization to act on behalf of the resident. If you are an authorized agent trying to exercise rights on behalf of an A.O. Smith consumer, please contact us at the contact information below with supporting verification information, which includes proof that you have access to the consumer’s interface and proof of your own identify.

Shine the Light Disclosure

We do not disclose personal information as defined by California Civil Code § 1798.83 (the “Shine the Light Law”) with third parties, other than our affiliates, for their direct marketing purposes absent your consent. If you are a California resident, you may request information about our compliance with the Shine the Light Law by sending an email to InfoSecpolicy@aosmith.com or by sending a letter to Office of the General Counsel, A.O. Smith Corporation, 11270 West Park Place, Milwaukee, WI, 53224. Any such request must include “Request for California Privacy Information” in the subject line and include your name, street address, city, state, and ZIP code. Please note that we are only required to respond to one request per customer each year, and we are not required to respond to requests made by means other than through the email address or mailing address referenced above.

Additional Information For Individuals Located in the UK and EEA

Who we are:

A.O. Smith is responsible for the handling of your personal information (which includes personal data as defined in the (UK) General Data Protection Regulation ((UK) GDPR), i.e. any information relating to an identified or identifiable natural person) we collect from you, unless stated otherwise. For more information on the A.O. Smith entities responsible for the processing of your personal information, please refer to the section ‘Contact Us’ below.

Sources of information:

Please see the section ‘How We Collect Personal Information’ above for the sources from which your personal information may originate.

Information we collect about you:

Please see the section ‘Types of Person Information We May Collect From You’ above for an overview of the information we collect about you.

Why we use your personal information:

When we use your personal information, we require a legal justification, also known as a “legal ground” under the (UK) GDPR. Normally, we will rely on the one or more of the following legal grounds:

Performance of a contract: This is relevant where we collect and use your personal information where necessary to enter into a contract with you or to perform our obligations under a contract with you.

Legitimate interest: This is relevant where we use your personal information where it is necessary for our legitimate interests and does not override your rights.

Compliance with law or regulation: This is relevant where we use your personal information where necessary to comply with applicable laws.

Consent: This is relevant where we need your consent to use your personal information. However, we do not usually need your consent if there is another legal ground as above. You can withdraw your consent by contacting us (see the section ‘Contact Us’ below).

We may process your personal data for more than one legal ground depending on the specific purpose for which we are using your personal information.

For an overview of the relevant legal bases per processing purpose please see the section ‘How We Use Your Personal Information’ above.

Profiling and automated decision making:

We and our ad tech partners automatically process your personal information, including your interactions with us (such as how often you look at a product or page) and products you have purchased or looked at, to create a profile about you. This allows us to personalise our products to your interests. If you wish to stop this profiling, please contact us using the contact details included in section ‘Contact us’ below.

Who we share your personal information with?

Please see to the section ‘How We Disclose Personal Information’ above for an overview of who we share your personal information with.

Security of your personal information:

Please see the section ‘Information Security’ above for information on the security of your personal information.

Sharing personal information abroad:

Please see the section ‘International Data Transfers’ below for the safeguards we put in place for any international transfers of personal information.

How long will we keep your personal information?

How long we keep your personal information will depend on our business needs and any legal requirements to keep the personal information in question. We retain personal data for as long as is necessary for the relevant purpose. There may also be laws that set out a minimum period for which we have to keep your personal information, even if we no longer need it for its purpose.

Your rights:

Individuals located in the UK and EEA have certain rights with respect to their Personal Information, as described below.

In accordance with law, we verify your identity in connection with any request in order to prevent unauthorized access of your data. Failure to verify your identity may result in your request not being processed. Furthermore, these rights are subject to certain exemptions established by law, such as to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). We have an obligation under the (UK) GDPR to respond without undue delay and in any event within one month (subject to the right to extend this period by an additional two months in certain limited situations). Where required by applicable law, we will notify you if we deny your request and notify you of the reasons we are unable to honor your request.

Access: You have a right to be provided with a copy of your personal information.

Rectification: You have a right to update any inaccuracies in the personal information we hold.

Erasure: You have a right to delete any personal information that we no longer have a lawful ground to use.

Withdraw consent: Where processing is based on consent, you have a right to withdraw your consent. This means we stop that particular processing but it will not affect the validity of the processing based on your consent before you withdrew it.

Portability: You have a right to ask us to transmit the personal data you have provided to us and we still hold about you to a third party electronically.

Object: You have a right to object to any processing based on the legitimate interests legal ground for reasons connected to your individual situation. However, we have the right to continue this processing if we believe we have a legitimate overriding reason to continue. Where we process your personal information for direct marketing purposes, including any profiling related to the direct marketing, you have a right to object at any time in which case we shall no longer process your personal data for such purposes. To exercise this right, you can by following the instructions included in any direct marketing email you receive from us.

Restriction: You have a right to restrict how we use your information whilst a complaint is being investigated.

Profiling and automated decision making: You have a right not to be subject to a decision when it’s based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for entering into, or the performance of, a contract between you and us.

Raise a complaint: You can raise a complaint about our processing with the data protection regulator in your jurisdiction (for an overview of data protection regulators, please visit: https://edpb.europa.eu/about-edpb/about-edpb/members_en).

To make a request, please contact us using the contact details included in the section ´Contact Us’ below.

Additional Information For Individuals Located in the APAC Region

Residents of countries located in the APAC region may have additional rights in regards to their data. Additional information regarding these rights will be located on the individual APAC-specific websites.

International Data Transfers

We may transfer the personal information we obtain about you to recipients (including our subsidiaries and affiliates, and third party service providers) in countries other than the country in which the information originally was collected. Those countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer your information to recipients in other countries (such as the U.S.), we will protect that information as described in this Privacy Policy.

If you are located in the UK, EEA or Switzerland, we will comply with applicable legal requirements regarding providing appropriate safeguards for the transfer of personal information to recipients in countries for which the European Commission, or the relevant authority in the UK or Switzerland (as the case may be) has not issued an adequacy decision. These safeguards may include data transfer agreements (such as ‘standard contractual clauses’), copies of which may be obtained by contacting us as indicated in the How to Contact Us section of this Privacy Policy and we may be legally permitted to transfer your personal information outside the UK, the EEA and/or Switzerland using other methods. In all cases any transfer of your personal information will be compliant with applicable data protection law.

Updates to the Policy

We may update this policy from time to time. To the extent permitted by law, any changes to our privacy policy will be posted to the websites and will become effective upon posting. Any changes will be effective only after the effective date of the change and will not affect any dispute arising prior to the effective date of the change.

Contact Us

We welcome all requests, suggestions and questions concerning our use of your personal Information. All such communication should be directed to InfoSecpolicy@aosmith.comYou can also write us at:

U.S.

General Counsel
A. O. Smith Corporation
11270 West Park Place
Milwaukee, WI 53224
USA

EEA

Residents of the EEA may contact us at InfoSecpolicy@aosmith.com or at the address noted above.

China

In addition to the email and address above, you may also call A.O. Smith China's 24-hour service hotline, 4008288988, or write to us at:

A.O. Smith (China) Water Heater Co., Ltd.
No. 336, Yaoxin Avenue
Nanjing Economic and Technological Development Zone, PRC
P.C. 210038