November 15, 2018
This Data Protection Statement describes the collection and further processing of personal data by companies of the HUBER+SUHNER Group (together HUBER+SUHNER) as far as they are not covered by other data protection statements or are evident from the circumstances or are provided for by applicable law. The term personal data shall include all information relating to an identified or identifiable person.
If you provide HUBER+SUHNER with personal data of other persons, please make sure that they have seen this Data Protection Statement and provide their personal data to HUBER+SUHNER only if you are allowed to do so pursuant to applicable data protection law.
This Data Protection Statement is in line with the EU Data Protection Regulation (GDPR). Although the GDPR is a regulation of the European Union, it is relevant for us. The Swiss data protection legislation is heavily influenced by the law of the European Union. In addition, companies outside the European Union must comply with the GDPR in certain cases.
1. CONTROLLER, DATA PROTECTION OFFICER
HUBER+SUHNER AG is responsible for every HUBER+SUHNER website, every presence on social media, multimedia portals and every app of HUBER+SUHNER (each a WEBSITE) with respect to collecting personal data according to the EU General Data Protection Regulation (GDPR) or comparable provisions according to applicable data protection laws. Unless provided otherwise on the WEBSITE HUBER+SUHNER AG is the controller.
The respective affiliate is the controller in case it communicates through an own Website.
Should a HUBER+SUHNER group company disclose personal data to another HUBER+SUHNER group company for certain purposes of the receiving company, such company is the controller according to article 4 (7) GDPR. A comprehensive list of HUBER+SUHNER Group companies can be found here.
HUBER+SUHNER AG has not appointed a data protection officer according to article 37 GDPR save for its group companies in Germany. Any inquiry, claim or concern regarding data protection at HUBER+SUHNER (for all group companies) can be submitted via the following e-mail address: firstname.lastname@example.org
Our representative according to art. 27 GDPR is HUBER+SUHNER GmbH, Mehlbeerenstrasse 6, 82024 Taufkirchen, Germany.
2. PROCESSING OF PERSONAL DATA
HUBER+SUHNER collects and processes personal data of
- users of its WEBSITES registered with HUBER+SUHNER. Data of users of the WEBSITE, who do not register with HUBER+SUHNER but may constitute personal data for example with social media, the provisions of this policy regarding data collected from user in connection with the use of the WEBSITE shall apply accordingly even though the identification usually is not possible for HUBER+SUHNER.
- information pertaining to employees and to contacts of their actual and potential customers, dealers, suppliers, further business partners and to parties interested in HUBER+SUHNER products and services
- recipients of newsletters of HUBER+SUHNER
- visitors of HUBER+SUHNER fair booths
- participants in research campaign and opinion surveys
- personal data of actual and potential investors and analysts and information pertaining to employees and contacts of actual and potential investors and banks
- information pertaining to HUBER+SUHNER shareholders.
The personal data of HUBER+SUHNER business partners is generally collected directly during the course of using the WEBSITE, or following a HUBER+SUHNER booths visit during fairs or respectively during direct communication via e-mail, telephone or in any other way. However, personal data can also be collected indirectly.
In particular, the following categories of personal data is processed by HUBER+SUHNER:
- Personal data and contact information including but is not limited to first and last name, maiden name, title, gender, address, telephone number, e-mail address, job- function, etc.;
- Data pertaining to orders and purchases including but is not limited to payment information, credit card details and other payment details, billing and shipping address, products and services ordered and purchased, information connected to queries, complaints and disagreements relating to products and services or respective contracts entered into such as warranty claims, rescissions and disputes, information regarding persons blacklisted by any sanction or embargo;
- Data in connection with product and services marketing including but is not limited to information such as newsletter opt-ins and opt-outs, documents received, invitations to and participations at fairs and similar, etc.;
- Data concerning the use of the WEBSITE including but is not limited to the IP address and other identification (e.g. user name of social media, MAC address of smartphones or computers, cookies), date and time of WEBSITE visits, visited sites and contents, referring websites;
- Data in connection with communication such as preferred means of communication, language, correspondence and communication with HUBER+SUHNER, etc.;
Further, within the framework of their business relationship, business partners will be required to provide personal contact data necessary for the establishment and execution of the contractual relationship and the fulfilment of the associated contractual obligations or required by law. Without this data, HUBER+SUHNER will generally not be able to conclude or execute the contract with the respective business partner. As any access to the WEBSITE is logged, connection data (such as the IP address) will always be logged; this is done automatically during use and cannot be deactivated for individual users.
3. PURPOSE OF THE PROCESSING AND LEGAL BASIS
In accordance with applicable law, HUBER+SUHNER may process personal data particularly for, but not limited to, the following purposes:
- In connection with products and services offered, conclusions of contracts (especially purchases), executions of contracts (especially retailer and purchase contracts and contracts regarding the participation at retailer or customer programs and events), maintenance and development of customer relations, communication, customer service and support, promotions, advertisement and marketing (including newsletters and mailing of promotional materials
- Management of the users of the WEBSITE and other activities in which business partners participate, operation and enhancement of the WEBSITE (including the provision of functions which require identifiers or other personal data) and further IT systems, identity verifications
- protection of business partner, employees and other individuals and protection of data, secrets and assets of and entrusted to HUBER+SUHNER, safety of systems and premises of HUBER+SUHNER;
- compliance with legal and regulatory requirements and internal rules of HUBER+SUHNER, enforcement and exploitation of legal rights and claims, defense against legal claims, litigation, complaints, combating abusive conduct, engaging in legal investigations and proceedings and responding to inquiries of public authorities
- sale or acquisitions of business divisions, companies or parts of companies and other corporate transactions and the transfer of personal data associated therewith
- For other purposes as far as a legal obligation requires processing and such processing was evident from the circumstances or indicated at the time of the collection.
HUBER+SUHNER uses the collected personal data based on the following legal grounds:
- performance of contracts
- compliance with legal obligations
- consent of the business partner and singular individual (only insofar as the processing is based on a specific query and can be withdrawn at any time, in particular the receipt of newsletters for which the business partner or individual person has registered for)
- legitimate interests of HUBER+SUHNER, including but not limited to
- purchase and shipment of products and services, also in connection with individuals who are not direct contractual partners
- carrying out advertisement and marketing activities, provided that no objection has been raised
- efficient and effective customer support, maintenance of contact and other communication with business partners outside of the processing of contracts
- understanding customer behavior, activities, concerns and needs, market and opinion research, media surveillance
- efficient and effective improvement of existing products and services and development of new products and services
- efficient and effective protection of business partners, employees and other individuals as well as protection of data, secrets and assets of or entrusted to HUBER+SUHNER safety of systems and premises of HUBER+SUHNER
- maintenance and secure, efficient and effective organization of business operations including a secure, efficient and effective operation and successful further development of the WEBSITE and other IT systems
- reasonable corporate governance and development
- successful sale and acquisition of business units, companies or parts of companies and other corporate transactions
- compliance with legal and regulatory requirements and internal rules of HUBER+SUHNER
- concerns regarding the prevention of fraud, offences and crimes as well as investigation in connection with such offences and other improper conduct, handling of claims and actions against HUBER+SUHNER, cooperation in legal proceedings and with public authorities as well as the prosecution, exercise of and defense against legal actions.
In accordance with applicable data protection laws, HUBER+SUHNER may in particular process personal data of users of the WEBSITE for the purpose of maintaining and developing the WEBSITE (including the provision of functions which require identifiers or other personal data), for statistical analysis regarding the use of the WEBSITE and its content as well as for combating abusive conduct, for purposes of legal investigations or proceedings and for the response to inquiries of public authorities.
All the purposes of processing shall be applicable for the whole HUBER+SUHNER, i.e. not only for the company which initially collected the personal data.
4. DISCLOSURE OF DATA AND TRANSFER OF DATA ABROAD
In accordance with applicable data protection laws, HUBER+SUHNER may disclose personal data to the following categories of third parties who process personal data in accordance with the purpose of data processing as set herein on behalf of HUBER+SUHNER:
- service providers (within HUBER+SUHNER as well as external), including processors
- dealers, suppliers and other business partners
- customers of HUBER+SUHNER
- local, national and foreign authorities
- the public including visitors of websites and social media of HUBER+SUHNER
- industry organizations, associations, organizations and other committees
- acquirers or parties interested in acquiring business units, companies or other parts of HUBER+SUHER
- other parties in potential or actual legal proceedings
- affiliates of HUBER+SUHNER Group.
HUBER+SUHNER may disclose personal data within the HUBER+SUHNER Group as well as to third parties worldwide. If data is disclosed to countries that do not guarantee adequate protection, HUBER+SUHNER will ensure adequate protection of data disclosed by business partners and singular individuals by way of putting adequate contractual guarantees in place, particularly on the basis of EU standard clauses, binding corporate rules or it bases the transfer on the exceptions of consent, conclusion or performance of contract, the determination, exercise or enforcement of legal claims, overriding public interests or it discloses the data in order to protect the integrity of these individuals.
5. RETENTION PERIOD OF DATA AND DATA SECURITY
As a rule, HUBER+SUHNER retains contract related personal data as long as the contractual relation is ongoing and for ten years after the termination of the contractual relationship unless a longer statutory or market related store obligation is applicable on a case-by-case basis, if this is required for reasons of proof or another valid reason based on applicable law and a deletion of data is not required earlier (in particular because the data is no longer required or HUBER+SUHNER is required to delete the respective data).
As a rule, shorter retention periods of maximal twelve (12) months are applicable for operational data without legal value containing personal data (e.g. protocols, logs).
Business records, including communications, will be retained as long as HUBER+SUHNER has an interest in them (particularly an interest for reasons of proof in case of claims, documentation of compliance with certain legal or other requirements, an interest in non-personalized analysis) or is obligated to do so (by way of contract, law or other provisions). Deviating legal obligations are reserved particularly with respect to anonymization or pseudonymization.
HUBER+SUHNER has taken appropriate technical and organizational measure to protect personal data from unauthorized access and misuse.
6. COOKIES, GOOGLE ANALYTICS AND SOCIAL PLUG-INS
HUBER+SUHNER uses session and permanent cookies on its WEBSITE and in Newsletter. Cookies are a widespread technique that allocates an identification to the browser of the user of a WEBSITE which the user saves and shows upon request. Session cookies are automatically erased when the user closes the WEBSITE and they enable the server to establish a stable connection to the user as long as he browses on the website. Permanent cookies are erased after one year and they allow saving certain settings (e.g. language) for several sessions or allow for an automated log-in. The user consents to the application of permanent cookies by way of using the WEBSITE and the respective functions (e.g.
language settings and automated log-in). The user may block the application of cookies on his browser or delete cookies there which may, however, impair the use of the WEBSITE.
In accordance with applicable law, HUBER+SUHNER may install coding in newsletters and other marketing email which allow it to determine if the recipient has opened an email or downloaded pictures contained in the email. However, the recipient may block this application in his/her email application. In any case he consents to the application of this technology by way of receiving newsletters on other marketing related emails.
Should HUBER+SUHNER place advertisement of third parties on the WEBSITE (e.g. banners) or intend to place an own advertisement on the website of a third party, cookies from companies specializing in the use of such advertisement may be used. HUBER+SUHNER will not disclose personal data to such companies, i.e. they shall only place a permanent cookie with users of the WEBSITE in order to recognize users and do so in the sole interest of HUBER+SUHNER. This allows HUBER+SUHNER to place aimed advertisements for these users on external third party websites. HUBER+SUHNER will not disclose personal data to the operators of external websites either.
In addition, HUBER+SUHNER may use plug-ins from social media networks such as Facebook, Twitter, Youtube, Google+, Xing, LinkedIN, Pinterest or Instagram on its WEBSITE. In the default setting of the WEBSITE plug-ins are deactivated; the user can thus choose when to activate them. Should the user do so, the social media providers are able to establish a direct connection to the user during his visit on the WEBSITE, which allows the provider to be aware of the users visit and may analyze the respective¨information. The subsequent processing of the personal data will be conducted in the responsibility of the provider and according to his data protection policies. The provider of the respective social media offering will not disclose any information to HUBER+SUHNER.
HUBER+SUHNER may send newsletters, investor information or other commercial communications in connection with its products and services and its disclosed business to its business partners and single individuals, which have registered to this purpose. However, the respective customers and business partners and single individuals may object to a further mailing of newsletters or other commercial communications at any time through the link indicated in every mailing. However, the termination of one newsletter may not entail the termination of other newsletters, as well.
HUBER+SUHNER does not place personalized advertisement on the WEBSITE.
8. RIGHTS OF THE CUSTOMER, VISITORS AND PARTNERS
Any affected individual may request information from HUBER+SUHNER as to whether data concerning him/her is being processed. Furthermore, an affected individual has the right to request the correction, destruction or restriction of personal data regarding him/her as well as to object to the processing of personal data. Should the processing of personal data be based on consent, the affected individual may withdraw consent at any time. In countries of the EU and EEA the affected individual may, in certain cases, have the right to obtain data generated during the use of online services in a structured, common and machine-readable format which allows for further use and transfer. Request in this respect shall be submitted to email@example.com. HUBER+SUHNER reserves the right to restrict the rights of the affected individual in accordance with applicable law and e.g. not to disclose comprehensive information or not to delete data. The exercise of these rights requires a proof of identity of the requesting person.
Should HUBER+SUHNER make an automated decision with respect to a certain individual which may have a legal effect for the affected individual or seriously affect her in a similar way, the affected individual shall have, in accordance with applicable law, the right to request a reconsideration of the decision or to request the prior evaluation by the controller. In this case the affected individual might no longer be able to use certain automated services. The individual will be informed thereof subsequently or separately in advance.
Any affected individual may also raise a complaint with the competent data protection authority. Where HUBER+SUHNER AG is the controller it is the Federal Data Protection and Information Commissioner in Switzerland (http://www.edoeb.admin.ch).
9. CHANGES TO THE DATA PROTECTION STATEMENT
This Data Protection Statement amends the one dated May 28, 2018. HUBER+SUHNER is entitled to amend this Data Protection Statement at any time and without prior notice or announcement. The latest version according to the WEBSITE shall be applicable.