Group

Data protection policy for business partners and their contacts

1. Who is responsible for processing your personal data and who can you contact in this regard?

The following entity is responsible for data processing:

KHS GmbH
Juchostraße 20
44143 Dortmund
Germany
Phone: +49 231 569 0
Fax: +49 231 569 1541

You can contact our data protection officer at the above address and phone number or by sending an email to privacy[at]khs.com.

2. Which data do we use and how do we collect this?

In the course of establishing and maintaining business relations we process the following particular categories of data from our business partners and/or their contacts which we have directly received from the same, from subsidiaries of KHS GmbH, from sales representatives or from other third parties by permissible means (e.g. to perform contracts or on the basis of given consent). We also process data which we have legitimately obtained from publicly accessible sources (e.g. commercial registers, the press or the Internet):

a. Interested parties and other business partners

  • Personal/contact data (e.g. first name, last name, company (where applicable), address, (cell) phone number, fax, email).
  • Communication data in conjunction with correspondence (emails, letters).

b. Customers

  • Personal/contact data (e.g. first name, last name, company, (cell) phone number, fax, email).
  • Contractual and invoice data (e.g. bank details, ordered goods, invoicing details).
  • Communication data in conjunction with correspondence (emails, letters).
  • Legitimation data (e.g. identity papers), authentication data (e.g. sample signatures), credit checks.

c. Suppliers and service providers

  • Personal/contact data (e.g. first name, last name, company, (cell) phone number, fax, email).
  • Contractual and invoice data (e.g. bank details, ordered goods, invoicing details).
  • Communication data in conjunction with correspondence (emails, letters).
  • Legitimation data (e.g. identity papers), authentication data (e.g. sample signatures).

d. Managing directors and other contacts of the subsidiaries and affiliated companies of KHS GmbH

  • Personal/contact data (e.g. first name, last name, company, business address, (cell) phone number, fax, email).
  • Communication data in conjunction with correspondence (emails, letters).
  • Details of participation in internal events.
  • For mandate holders and board members: information on the mandate, commercial register entry, date of birth, private address.
3. For what purpose and on which legal grounds is your data processed?

The purpose of the KHS Group is the manufacture and international sale of filling and packaging systems for the beverage, food and non-food industries. Data is processed to the above ends and in accordance with the provisions of the EU General Data Protection Regulation (GDPR), Federal Data Protection Act (FDPA) and all further relevant laws (e.g. the German Commercial Code (HGB) and German Fiscal Code (AO), etc.).

a. To perform a contract or take steps prior to entering into a contract (Art. 6, paragraph 1b) GDPR)

This constitutes the processing of personal data to perform contracts with our customers, suppliers and service providers. It also includes the steps taken prior to entering into a contract at the request of the respective business partner.

b. For the pursuit of legitimate interests (Art. 6, paragraph 1f) GDPR)

If necessary we shall process your data above and beyond the actual performance of the contract in order to pursue our legitimate interests or those of a third party.

For example:

  • Assertion of legal claims and defense in legal disputes.
  • For the purpose of internal administration within the company group.
  • To ensure IT security and IT operation.
  • To prevent criminal acts.
  • To protect property and prevent theft (video).
  • For access control.
  • To inspect and optimize procedures for analysis of demand and for direct customer contact.
  • For advertising or market research and opinion polling provided that you have not objected to the use of your data.
  • To stage events within the company group.

c. On the basis of consent (Art. 6, paragraph 1a) GDPR)

Should you have given us your consent to process your personal data for specified purposes (e.g. for newsletters), the lawfulness of this data processing is provided on the basis of your consent. Your given consent can be withdrawn for the future at any time. This also applies to the withdrawal of declarations of consent granted to us prior to the validity of the GDPR, i.e. before May 25, 2018. Please note that the withdrawal of your consent is only valid for the future. Data processed before your consent was withdrawn remains unaffected.

d. On the basis of legal provisions (Art. 6, paragraph 1c) GDPR) or in the interests of the public (Art. 6, paragraph 1e) GDPR)

Moreover, we are governed by various legal obligations, i.e. statutory requirements such as tax law provisions. Should your data fall under these obligations, this shall be stored until the respective obligation has come to an end.

4. Who receives your data?

Within our company group (KHS GmbH, including its subsidiaries) those offices shall be given access to your data which require it to meet our contractual and legal obligations and/or serve the aforementioned purposes. The service providers and vicarious agents commissioned by us may also receive data to this end.

Data will only be transferred outside the company group if legal regulations require it or you have given your consent to the same.

All recipients are obliged to adhere to the provisions of data protection law.

Under these conditions recipients of personal data may be:

  • Public offices and institutions (e.g. tax authorities) if a statutory or regulatory obligation exists to this effect.
  • Processors we transfer personal data to in order to uphold our business relations with you (e.g. support for/maintenance of IT systems, destruction of data, payment transactions, accounting).
  • Those agencies for which you have given us your consent, where applicable, for the transfer of data.

Data shall only be transferred to countries outside the EU or the EEA (also known as nonmember countries) if this is necessary to perform the contract, required by law, you have given us your consent or in the context of order processing. If service providers in nonmember states are used, a suitable level of data protection shall be ensured.

5. How long is your data stored for?

We process and save your personal data for as long as required to serve the purposes named in Section 3. In this regard it must be noted that many of our business relations are long term. If data for the performance of contractual or legal obligations is no longer required, this shall be deleted on a regular basis unless the restricted further processing thereof is necessary for the following purposes:

  • Compliance with storage periods under commercial and fiscal law, e.g. pursuant to the German Commercial Code or German Fiscal Code. The periods given herein amount to two to ten years.
  • The retaining of evidence according to the provisions governing limitations (e.g. Section 195 et seqq. of the German Civil Code).
6. What data protection rights do you have?

Every person affected has the right to information pursuant to Art. 15 GDPR, to correction pursuant to Art. 16 GDPR, to deletion pursuant to Art. 17 GDPR, to the limitation of processing pursuant to Art. 18 GDPR, to object under Art. 21 GDPR and to data portability under Art. 20 GDPR. In the case of the right to information and the right to deletion the restrictions set out in Sections 34 and 35 FDPA apply. In addition, data subjects have a right to complain to the data protection supervisory authority responsible (Art. 77 GDPR in conjunction with Section 19 FDPA).

The data protection supervisory authority responsible for us is:

The North Rhine-Westphalia State Commissioner for the Protection of Data and Freedom of Information
Kavalleriestraße 2–4
40213 Düsseldorf
Germany
Phone: +49 211 38424 0
Fax: +49 211 38424 10
Email: poststelle[at]ldi.nrw.de

If you have a complaint, we would please ask that you first contact our data protection officer at privacy[at]khs.com.

You can withdraw your given consent to the processing of your personal data at any time. This also applies to the withdrawal of declarations of consent granted to us prior to the validity of the GDPR, i.e. before May 25, 2018. Please note that the withdrawal of your consent is only valid for the future. Data processed before your consent was withdrawn remains unaffected.

7. Do you have an obligation to provide data?

Within the context of our business relationship you must provide the personal data which is required for the establishing and maintenance of business relations and for the fulfillment of all associated contractual obligations or which we are obliged by law to collect.

8. Information on your right to object according to Art. 21 GDPR

a. Individual right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning yourself which is based on Article 6, paragraph 1e) GDPR (data processing in the public interest) and Article 6, paragraph 1f) GDPR (data processing for the pursuit of legitimate interests). If you object, we shall no longer process your personal data unless we can demonstrate compelling grounds meriting protection for the processing thereof which override your interests, rights and freedoms or if processing serves to establish, exercise or defend legal claims.

b. Right to object to data processing for advertising purposes

In individual cases we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning yourself for the purpose of such marketing. Should you object to data processing for direct marketing purposes, we shall no longer use your personal data for such purposes. You may exercise your right to object without any requirements as to form by sending an email to privacy[at]khs.com.