Notes on data processing for business partners, interested parties and other persons concerned ("Data Protection Information")

 

Mitsubishi Hitachi Power Systems Europe GmbH (hereinafter "MHPSE") hereby informs you about the processing of personal data by MHPSE and the rights to which you as a data subject are entitled.

1. Scope and terminology
This privacy policy applies to the processing of personal data by MHPSE. With regard to the terminology used (e.g. "personal data", "processing" or "controller"), reference is made to the definitions in Art. 4 of the European General Data Protection Regulation (hereinafter referred to as "GDPR").
If interested parties, business partners and contacts are not at the same time persons concerned, they will pass on the data protection information to the natural persons acting on their behalf (e.g. their contact persons, other commissioned or authorised persons).

2. Controller and Data Protection Officer
The Controller for the processing of personal data within the meaning of Art. 4 para. 7 GDPR is
Mitsubishi Hitachi Power Systems Europe GmbH
Schifferstr. 80
D-47059 Duisburg, Germany
Email: infobox@eu.mhps.com
Phone: +49 203 8038 0

You can contact the Data Protection Officer designated by MHPSE at datenschutz@eu.mhps.com or at the aforementioned postal address by inserting "An den Datenschutzbeauftragten" (To the Data Protection Officer).

3. Purpose and legal basis of the processing

3.1 Processing for purposes of carrying out the contractual relationship
Within the framework of the initiation (e.g. processing of an inquiry, preparation of an offer), justification, processing and handling of the contractual relationship, MHPSE processes the data provided and required for this purpose (master and contact data of the business partner or his contact persons and other parties involved, contract and accounting data, communication with business partners or his contact persons and other parties involved, further information necessary for processing the enquiry or the order). The processing of these data takes place primarily for appropriate order processing. This also includes processing for the following purposes:

  • communication with the customer/supplier and other parties involved within the scope of order justification and processing,
  • identification in accordance with the Money Laundering Act (German Geldwäschegesetz, hereinafter "GwG" - see section 3.2),
  • the administrative execution (e.g. file management, contact administration) as well as the billing of the order,
  • the assertion, exercise or defense of reciprocal legal claims.

Within the framework of the contractual relationship, it may be necessary for MHPSE to collect personal data from publicly accessible sources (e.g. public registers, press, Internet).
Data processing is required pursuant to Art. 6 para. 1 s. 1 lit. b GDPR for the aforementioned purposes. If it is not you, but your employer or client, who is a contractual partner of MHPSE, the processing of the data provided by the contractual partner within the framework of the contractual relationship is carried out on your person on the basis of Art. 6 para. 1 s. 1 lit. f GDPR. The justified interest of MHPSE results from the necessity of the processing of these data for purposes of the order fulfilment and/or contribution of pre-contractual measures.

3.2 Fulfilment of legal obligations
MHPSE processes personal data to fulfil legal obligations such as compliance with commercial law, money laundering law and tax law documentation and storage obligations.
Legal basis for this is Art. 6 para. 1 s. 1 lit. c GDPR in conjunction with the respective legal obligations.

3.3 Processing of Business Contacts, Marketing and Advertising
If MHPSE has received your business contact data within the scope of a business event, business appointments, seminars or similar or within the scope of a business initiation or order (e.g. within the scope of handing over business cards),
MHPSE stores your contact data in the CRM system (Customer Relationship Management System) for the purpose of maintaining and managing business contacts. The legal basis is Art. 6 para. 1 s. 1 lit. f GDPR. The legitimate interest arises from the aforementioned purposes.
MHPSE also uses the contact data for the purpose of sending event invitations, information brochures or other information on products and topics (e.g. on current topics in the field of energy generation), events etc. to business partners and potential interested parties. If your business contact details are publicly accessible (e.g. via the company website or professional networks such as Xing, LinkedIn) and MHPSE events and/or services may be of interest to you due to your business activities, MHPSE may also use and store your business contact details for the aforementioned purposes.
If you have given MHPSE your consent to this, your contact data will be used for these purposes on the basis of Art. 6 para. 1 s. 1 lit. a, Art. 7 GDPR. Your consent is freely revocable at any time (cf. Article 7 thereon). For the rest, the use of your contact data for the aforementioned purposes is subject to the requirements of Art. 6 para. 1 s. 1 lit. f GDPR. The legitimate interest of MHPSE lies in customer care and the acquisition of new business contacts. If you do not wish information material and/or event invitations to be sent and your contact data to be used for these purposes, you may object to this at any time (cf. Article 8 thereon).

3.4 IT Security
In order to ensure the security, stability, integrity and functionality of the IT systems and IT operations, as well as the security of the data stored and the data processing operations at MHPSE, it may be necessary to process the personal data stored in the MHPSE IT systems (e.g. when creating backups or performing tests). The legal basis for this processing of personal data is Art. 6, para. 1, s. 1 (f) GDPR. The legitimate interest arises from the aforementioned purposes.

4. Place of data processing
The processing of personal data generally takes place in states of the European Union (EU) or the European Economic Area (EEA). If MHPSE transfers personal data to affiliated group companies or service providers in countries outside the EU/EEA (so-called third countries), the transfer will only take place if the third country has been confirmed an appropriate level of data protection by the EU Commission or other appropriate data protection guarantees (e.g. EU standard contractual clauses) are in place.

5. Storage Time
As a matter of principle, MHPSE stores your personal data only for as long as this is necessary to perform the processing purposes described in these Privacy Policy provisions or statutory requirements or filing duties. Other major filing duties arise under commercial law (in particular the storage of commercial and business letters for 6 years and of accounting documents for 10 years, section 257 German Commercial Code (Handelsgesetzbuch hereinafter "HGB"), under tax law (in particular filing of accounting documents for 10 years and of other tax-relevant documents for 6 years, section 147 Fiscal Code (Abgabenordnung, hereinafter "AO") and under anti-money laundering law (filing of records and other documents as defined in section 8 para. 1 to 3 GwG for 5 years from the end of the calendar year in which the business relations ended, section 8 para. 4 GwG).
After expiry of the statutory filing periods, the data and documents are erased or destroyed unless MHPSE requires the same to protect its own professional interests taking account of the limitation period stipulated in section 199 para. 3 German Civil Code (Bürgerliches Gesetzbuch, hereinafter "BGB") for a period of 10 years, beginning with the end of the year in which the relevant engagement was ended or unless the data subject has consented to a longer period of storage.

6. Recipients and categories of recipients
Where this is necessary to administer contractual relationships, your personal data are transferred to third parties or other organizations. This includes in particular the transfer to service providers (e.g. forwarding agents) for the purpose of proper order processing.
MHPSE also uses external service providers who may have access to personal data within the scope of their activities for MHPSE (e.g. postal/transport services, IT service providers, waste disposal companies). Such service providers are only commissioned in accordance with the relevant data protection regulations.

7. Rights of data subjects
In connection with the processing of personal data, you as a data subject are entitled to the following rights under the GDPR:

Right to information: Pursuant to Art. 15 GDPR, you have the right to ask for information at all times about your personal data processed by MHPSE and receive the information listed in Art. 15 paras. 1 and 2 GDPR in connection with processing. In accordance with your right to information, you have the right to receive a copy of your personal data subject to the requirements of Art. 15 para. 3 GDPR. The restrictions of the right to information under Art. 15 para. 4 GDPR and section 34 Federal Data Protection Act (Bundesdatenschutzgesetz, hereinafter "BDSG") must be observed.

Right to rectification: In accordance with Art. 16 GDPR, you may require rectification of your personal data stored by MHPSE if they are inaccurate or their completion if they are incomplete.

Right to erasure: In accordance with Art. 17 GDPR, you may require the erasure of your personal data stored at MHPSE, unless processing is necessary to fulfil a legal obligation or to assert, exercise or defend legal claims. The further restrictions under Art. 17 para. 3 GDPR and section 35 BDSG must be observed.

Right to restriction of processing: Subject to the requirements of Art. 18 GDPR, you have the right to restrict processing of your personal data. In this event, your personal data - apart from their storage - may only be processed with your consent or subject to the requirements of Art. 18 para. 2 GDPR.

Right to data portability: Subject to the requirements of Art. 20 GDPR, you have the right to receive your personal data which you have provided to MHPSE in a structured, common and machine-readable format or, as far as technically feasible, to request transfer directly to another controller.

Revocation of consent granted: In accordance with Art. 7 para. 3 GDPR, you are entitled to withdraw at any time your consent after once having given it to MHPSE. The consequence of this is that MHPSE may not continue the data processing, which was based on this consent, in the future.
If you would like to exercise the rights listed above, please contact MHPSE's data protection officer (cf. Article 2).

8. Right to object
If your personal data are processed on the basis of legitimate interests in accordance with Art. 6 para. 1 s. 1 lit. f GDPR or on grounds of public interest in accordance with Art. 6 para. 1 s. 1 lit. e GDPR, you have the right, in accordance with Art. 21 GDPR, to lodge an objection to the processing of your personal data at any time, if there are grounds for the objection arising from your particular situation.
In the event of a justified objection to the processing of your personal data under Art. 6 para. 1 s. 1 lit. e or f GDPR, we must refrain from any further processing of your data unless it is necessary on grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. The right to objection is subject to the restrictions of section 36 BDSG.
If your personal data are processed for direct marketing purposes, you have the right to object at any time without restriction to the processing of your data for such direct marketing purposes. The statement of reasons is not required. This also applies to profiling that it is related to such direct marketing. In the event of your objection to the processing of your personal data for direct marketing purposes, we must refrain from any further processing of your data for such purposes.
The objection can be addressed form-free to the Data Protection Officer (cf. Article 2).

9. Right to lodge a complaint with the supervisory authority
If you are of the opinion that the processing of your personal data by us infringes data-protection regulations, you also have the right to lodge a complaint with a supervisory authority under Art. 77 GDPR.
To this purpose, you can normally contact the supervisory authority at your usual place of residence or place of work or at the place of the suspected infringement. In North Rhine-Westphalia, the LDI NRW (Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen) is the competent supervisory authority which can be contacted as follows:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen,
Postfach 200444,
40102 Düsseldorf,
Telephone: 0211/38424-0, Fax: 0211/38424-10, E-mail: poststelle@ldi.nrw.de