Data processing principles at Liebherr
You have come to this page via a link because you would like to find out about how we handle the personal data of business partners. We would like to give you an overview of how your personal data is processed and about your rights as a data subject by providing you with the following information.
A. General information
I. What does this data protection policy govern?
The protection and security of your personal data is extremely important to us. It is accordingly essential that we inform you about the type of personal data that we collect about you, the purpose thereof and what your rights are in relation to your personal data.
II. What is personal data and what does processing mean?
- “Personal data” (hereinafter also referred to as ‘data’) is any information that says something about a natural person. Personal data is not only information that makes a direct reference to a specific person (such as the name or email address of a person), but also information with which, given appropriate additional knowledge, a reference to a specific person can be made.
- “Processing” means any measures taken in relation to your personal data (such as the collection, recording, organisation, ordering, storage, use or deletion of data
B. Data processing
I. Who is in control of the processing of your data?
The body in control (“the controller”) of the processing of your data is Liebherr-Hausgeräte GmbH, Memminger Strasse 77-79, 88416 Ochsenhausen, contact: [email protected], tel. +49 7352 928-4460.
II. What data do we collect and for what purpose?
In the context of the cooperation with business partners, we process the following data of contact persons at customers, prospects, distribution partners, suppliers and partners (hereinafter referred to individually or jointly as ‘business partner(s)’):
- contact information, such as forenames and surnames, business address, business telephone number, business mobile telephone number, business fax number and business e-mail address;
- payment data, such as details required to process payment transactions or prevent fraud, including credit card information and card verification numbers;
- further information the processing of which is required within the framework of a project or the processing of a contractual relationship with Liebherr or which is voluntarily provided by business partners, e.g. in the context of orders being placed, enquiries or project details;
- personal data that is collected from publicly available sources or information databases, or is collected by credit agencies; and
- if legally required in the context of compliance screening: date of birth, identification document and identification numbers, information regarding relevant court proceedings and other legal disputes in which the business partners are involved.
In principle, we will process this data only for the following purposes:
- communication with business partners in relation to products, services and projects, e.g. in order to process enquiries made by the business partners or prepare technical information regarding products (data categories used: 1, 3)
- planning, conducting and administration of the (contractual) business relationship between Liebherr and the business partner, e.g. in order to process the ordering of products and services or collect payments, for accounting and billing purposes, and in order to carry out deliveries, maintenance tasks or repairs (data categories used: 1, 2, 3, 4 and, if applicable, 5)
- carrying out customer surveys, marketing campaigns, market analyses, contests, competitions or similar initiatives and events (data category used: 1)
- compliance with (i) legal requirements (e.g. with record-keeping obligations under tax or commercial law), (ii) existing obligations to carry out compliance screening (in order to prevent economic crime or money laundering) and (iii) Liebherr guidelines and industry standards (data categories used: 1, 2, 3, 4 and 5) and
- settling legal disputes, enforcing existing contracts and establishing, exercising or defending legal claims (data categories used: 1, 2, 3, 4 and 5)
Data may be processed for other purposes only if the requisite legal conditions pursuant to Article 6(4) GDPR have been met. In this case, we will of course comply with any information obligations pursuant to Article 13(3) GDPR and Article 14(4) GDPR.
III. What is the legal basis on which we collect your data?
Unless there are any specific legal provisions, the legal basis for the processing of your data is, in principle, Article 6 GDPR.
Your data shall be processed on the following legal basis/bases:
- Consent (Article 6(1)(a) GDPR) (for purpose 3)
- Data processing for the performance of contracts (Article 6(1)(b) GDPR) (applies to purpose 1, 2, 4)
- Data processing on the basis of a balancing of interests (Article 6(1)(f) GDPR) (applies to purpose 3)
- Data processing for compliance with a legal obligation (Article 6(1)(c) GDPR) (applies to purpose 4(i) and (ii))
Our legitimate interests are:
- commercial interest (purpose 3)
- customer service (purpose 3)
- product improvement (purpose 3)
- risk detection (purpose 3)
- customer loyalty (purpose 3)
If we process your data on the basis of your consent, you have the right to withdraw your consent from us at any time with effect from the date of your withdrawal.
If we process your data on the basis of a balancing of interests, you have the right to object to the processing of your data, taking into account the provisions of Article 21 GDPR.
We process your data only to the extent required to fulfil the aforementioned purposes
IV. To whom and for what purposes do we transmit your data, and which categories of your data do we transmit?
We may transmit your data to:
- Other companies of the Liebherr Group, provided that this is required to bring about, perform or terminate a contract, or there is a legitimate interest in the transmission on our part, and it is not precluded by your overriding legitimate interest; (data category 2)
- Our service providers that we use to achieve the aforementioned purposes; (data categories 1, 2, 3, 4 and 5)
- Courts, arbitrators, authorities or legal advisers, if this is required to comply with the applicable law or to establish, exercise or defend legal claims. (data categories 1, 2 and 5)
V. Will my data be processed outside the European Union?
A transfer to entities in countries outside the European Union (so-called third countries) is permissible only (1) if you have given us your consent or (2) if the European Commission has decided that there is an adequate level of protection in a third country (Article 45 GDPR). If the Commission has not taken such a decision, we can transfer your data to third parties located in a third country only if appropriate safeguards exist (e.g. standard data protection clauses adopted by the Commission or the supervisory authority in a specific procedure) and the enforcement of your rights as a data subject is guaranteed.
VI. When do we delete or anonymise your data?
We process your data, provided that this is necessary for the respective purpose, if you have not effectively objected to the processing of your data or effectively withdrawn the consent that you may have given.
If statutory retention obligations exist – e.g. under tax or commercial law – we will have to store the data affected thereby for the duration of the retention obligation. After the expiry of the retention obligation, we check whether there is any further necessity for the processing. If there is no longer any necessity, your data is deleted.
VII. To what extent is there automated decision-making in each individual case?
In principle, we do not use fully automated decision-making pursuant to Article 22 GDPR to establish and conduct the business relationship. If we use such procedures in individual cases, we will inform you of this individually, if this is required by law.
VIII. To what extent will my data be used for profiling (here: scoring)?
In some cases, we process your data in an automated manner with the aim of evaluating certain personal aspects (profiling). We use profiling in the following cases:
- On the basis of statutory and regulatory provisions, we are obliged to combat money laundering, terrorism financing and criminal offences that pose a threat to assets. Data evaluation (inter alia in payment transactions) is also carried out in this context. At the same time, these measures also serve for your protection. (purpose 4)
- We use scoring when assessing your creditworthiness. In this respect, the probability of a customer discharging his payment obligations under the contract is calculated. The calculation may include, for example, income levels, expenditure, existing liabilities, profession, employer, length of service, experiences from the previous business relationship, repayment of previous credit in accordance with the contract, and information from credit agencies. This scoring is based on a mathematically and statistically acknowledged and proven method. The scores calculated support us with decision-making in the context of product sales and are integrated into our ongoing risk management. (purpose 2)
C. How is your personal data protected from unauthorised access and loss?
We use technical and organisational security measures to ensure that your data is protected from loss, improper changes or unauthorised access by third parties. Moreover, we ensure that, on our side, only authorised persons are granted access to your data and then only to the extent necessary for the above-mentioned purposes. The transmission of all data is encrypted.
D. The rights of the data subject and the right to lodge a complaint
Within the provisions of the legislation, you have the right to:
- Information about your data;
- The correction of incorrect data and the completion of incomplete data;
- The deletion of your data, particularly if (1) it is no longer necessary for the purposes stated in this data protection policy, (2) you withdraw your consent and there is no other legal basis for the processing, (3) your data has been unlawfully processed or (4) you have objected to the processing and there are no overriding legitimate grounds for the processing.
- The restriction of the processing of your data, especially if the accuracy of the data is contested by you or the processing of your data is unlawful and you request the restriction of use instead of erasure.
- The right to receive your data in a structured, commonly used and machine-readable format and to have your information transmitted by us directly to another controller.
Please note that the withdrawal of your consent shall not affect the legality of the processing carried out on the basis of your consent until the withdrawal.
If you seek to assert the above rights in a manner that is not in writing, kindly note that we may need to insist that you provide proof to establish that you are the person who you say you are.In addition, you have the right to lodge a complaint with a supervisory authority.
E. Whom do I contact in respect of data protection issues and how do I contact him or her?
If you have questions about data protection, please contact:
Corporate Privacy
Liebherr-IT Services GmbH
St. Vitus 1
88457 Kirchdorf an der Iller
Email: [email protected]
Version: November 2018