Data Privacy Statement and Consents (GDPR 2018) Resonac Europe GmbH
Index of contents
2. Data Protection Officer:
3. Basic information as to data processing
4. Processing of personal data
5. Transfer to third parties and categories of recipients
6. International data transfer
7. Storage of user data for order fulfilment and initial business contact
8. Involvement of services and contents of third parties
9. Collection of access data
10. Cookies & range measurement
11. Rights of the data subjects and deletion of data
12. Changes of the data privacy statement
This data privacy statement explains the kind, extent and purpose of the processing (among others, collection, processing and usage as well as the obtaining of consents) of personal data within our online- and offline offer and of the connected websites, functions and contents (subsequently jointly designated as “online offer“ or “website”) pursuant to the General Data Protection Regulation (EU) 2016/679 (“GDPR”). The data privacy statement applies independently of the used domains, systems, platforms and devices (e.g. desktop or mobile) on which the online offer is executed. Besides, the data privacy statement also applies to all offers and contact possibilities in case of which personal data have to be stored in the online and offline area.
The offeror of the online offer and the data controller is:
Resonac Europe GmbH
CEO: Takashi Kotsuka
Tel.: +49 (0) 89 9399 62 0
Fax: +49 (0) 89 9399 62 50
The term “user” or “data subject” comprises all customers and visitors of our online- and offline offer. The used terms such as e.g. “user” or “data subjects” have to be understood as gender-free.^
The data privacy statement is also available digitally:
60313 Frankfurt am Main
Phone: +49 69 45 00 12 390
We process personal data only subject to the relevant data protection regulations corresponding to the requirements of saving and avoiding data. This means that the data of the users are only processed when there exists a legal permission, especially if the data are necessary or required by law for rendering our contractual services as well as for rendering our online-services of if there is consent at hand.
We take organisational, contractual and technical safety measures corresponding to the state of the art in order to make sure that the provisions of the data protection laws are complied with and in order to protect therewith the data processed by us against accidental or intentional manipulations, loss, and destruction or against the access of unauthorized persons.
As far as there are contents, tools or other means used by third parties (subsequently jointly designated as „third-party offeror“) within the scope of this data privacy statement and as far as their named residence is abroad, it has to be assumed that a data transfer takes place into the states where the third-parties are domiciled. The transfer of data to third-party states complies with Chapter V of the GDPR.
Apart from the usage expressly stated in this data privacy statement, the personal data will be processed for the following purposes on the basis of legal permissions or consents of the users:
- The provision, execution, care, optimization and protection of our services, service and user performances
- the warranty of an effective customer service and technical support.
- for the technical realisation of our website and in order to be able to provide you our information on this website (e.g. IP-address, cookies, browser information).
- in order to accept and process an application of yours for one of our job offers.
When contacting us (via contact form or e-mail) the information provided to us via the message will be saved and processed for the purpose of processing the request/message as well as for any follow-up questions.
Personal data will be deleted, as soon as they fulfil their purpose and the deletion of such data will not infringe any applicable storage obligations or if there are no legal rights to store such personal data.
We transfer the data of the users to third parties only if this is necessary for the purposes of accounting (e.g. to a payment service provider) or for other purposes if these are necessary in order to fulfil our contractual obligations towards the users (e.g. notification of address to suppliers, transfer of data to distributors in cases in which we do not intend a house-to-house distribution).
The transfer of your personal data is done as described subsequently.
The hosting of the website is done at an external service provider in Germany. Hereby we make sure that the data processing is done in Germany solely. This is necessary for the operation of the website as well as for the establishment, the execution and the handling of the existing leasing contract and it is also possible without your consent.
In addition, a transfer is done when we are entitled or obliged to do so due to legal provisions and/or due to official or judicial directives. This might especially be the disclosure for the purposes of prosecution, averting of a danger or for the enforcement of intellectual property rights.
As far as your data are passed on to service providers in the required extent, those will only have access to your personal data as far as this is necessary for the fulfilment of their tasks. These service providers are obliged to treat your personal data in accordance with the applicable data protection laws, especially in accordance with the GDPR.
We reserve the transfer of customer data to our official distributors, and with this data privacy statement you expressly agree with this transfer. These service providers are obliged to treat your personal data in accordance with the applicable data protection laws, especially in accordance with the GDPR.
Beyond the aforementioned circumstances, we will basically not transfer your data to third parties without your consent. We will especially not pass on any personal data to a place in a third country or to an international organization.
In general, our internal processes require a transfer of all data to and the processing of such data (including personal data) by our holding company in Japan, due to the global strategy and structure of our group (see also section 6 below). This applies in particular to our marketing activities. In this regard we specifically point out that within the EU / EEA Member States we consolidate our marketing activities with other Showa Denko group entities also located in the EU / EEA. Therefore, such Showa Denko entities located in the EU/EEA as well as the SHOWA DENKO K.K. in Japan also receive the personal data of our business partners for marketing purposes and act as independent controllers in this regard. We inform the respective data subjects about this situation explicitly within the respective consent declarations.
In the course of our business relationships, your personal data may be transferred or disclosed to third party companies. These may also be located outside the EU / the EEA, i.e. in third countries.
In particular, please note that Showa Denko’s holding company is Showa DENKO K.K.. which is based in Japan. For Japan, there is an adequacy decision by the European Commission with regard to the level of data protection prevailing there. In addition, Showa Denko has other group companies in third countries. An overview of this can be found at: https://www.sdk.co.jp/english/about/network/oversea.html.
Any such processing outside the EU / EEA will only be carried out to fulfil contractual and business obligations and to maintain your business relationship with us, or will be based on your express consent. We will inform you about the respective details of the transfer in the relevant places below.
The European Commission certifies data protection comparable to the EEA standard for some third countries by means of so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be found here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html). However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is adequately guaranteed. This is possible via binding company regulations, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognized codes of conduct. Please contact us if you would like more information on this.
All personal data that have to happen in order to prepare the order resp. to handle the order, such as e.g. the preparation of opportunities, technical or logistic support, information useful for the user (interested party), offers and order confirmations, handlings of delivery, billing and other necessary documents are stored by us in SAP by Design in the SAP Cloud. You may receive further information under https://www.sap.com/products/business-bydesign.html.
For communication and evaluation of personal data, the corresponding Microsoft Office programs such as e.g. Excel, Outlook are used.
As a summary, we collect and process the following data by you via our website:
- General contact data:
- Desired product
- Contents of the message
Data marked with * are mandatory items.
It may happen that contents or services of third-party offerors, such as for example city maps or fonts are integrated within our online offer by other websites. The integration of contents of the third-party offerors always implies that the third-party offerors perceive the IP-address of the users because they would be unable to send the contents to the browser of the users without the IP-address. The IP-address is thus required for the display of these contents. Furthermore, the offerors of the third-party contents may place own cookies and may process the data of the users for their own purposes. Thereby, usage profiles of the users may be created from the processed data. We will deploy these contents as sparingly and data-avoiding as possible with regard to data and we will select reliable third-party offerors with regard to data security.
The subsequent display provides an overview of third-party offerors as well as of their contents, plus links to their data privacy statements containing further hints as to the processing of data and, partially already mentioned here, possibilities for objection (so called opt-out) or consent apply:
- Maps of the service “Google Maps” of the third-party offeror Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, placed. Data privacy statement: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
- Cookie consent with Borlabs Cookie. Our website uses Borlabs Cookie’s cookie consent technology to obtain your consent to store certain cookies in your browser and to document it in a privacy-compliant manner. The provider of this technology is Borlabs – Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg (hereinafter Borlabs).
When you enter our website, a Borlabs cookie is stored in your browser, in which the consents you have given or the revocation of these consents are stored. This data is not shared with the Borlabs cookie provider.
The collected data will be stored until you request us to delete it or until you delete the Borlabs cookie yourself or until the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected. Details on the data processing of Borlabs Cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.
- Salesforce CRM tool for our customer relationship management. The Salesforce CRM Tool is a tool of Salesforce.com, headquartered in San Fransisco, USA. Further information on data protection can be found at https://www.salesforce.com/de/company/privacy/. We use this tool exclusively for our B2B customers, insofar as they have consented to the processing of their contact data for marketing purposes or we have legal permission for such processing.
- Oracle Eloqua Marketing Automation for our B2B-Marketing-Campaigns. Eloqua is a tool of the Oracle Corporation (seat in Austin, Texas, USA). Further information about Oracle data protection processes can be found here: https://www.oracle.com/de/cx/marketing/automation/. We use this tool only for our B2B business partners and only if the respective natural persons have
We collect data on every access to the server on which this service is located (so-called server log files). The access data include the name of the called website, data, date and time of the call, transferred data amount, notification on successful call, browser type plus version, the user’s operating system, referrer URL (the site previously visited), IP-address and the requesting provider.
We use the protocol data without allocation to the person of the user or other profile creation corresponding to the legal provisions only for statistical evaluations for the purpose of operation, safety and the optimisation of our online-offer. However, we reserve the right to revise the protocol data subsequently if there is due to concrete clues the justified suspicion of an illegal usage.
Please note that all cookies, which require a consent (this means such cookies, which are not required for the operation and the functionality of the website), have to be explicitly authorized by you via our cookie-banner (consent), before they are activated. In the following we provide you with general information about the functionality of cookies and in particular about specific cookies and tracking tools, which activity you can individually control via the cookie-banner.
On our website, information is collected and stored by the use of so-called browser-cookies. Cookies are small text files that are stored on your data carrier and which store certain adjustments and data for the exchange with our system via your browser. As a rule, a cookie includes the name of the domain from which the cookie-data were sent as well as information on the age of the cookie and an alphanumeric identifier.
Cookies facilitate our systems to recognize the device of the user and to make available possible pre-settings immediately, as soon as a user accesses the platform, a cookie will be transferred to the hard disk of the computer of the respective user. Cookies help us to improve our website and to offer you a better service, even more specific to you. They facilitate us to recognize your computer resp. your (mobile) end device again when you return to our website and thereby to:
- store information on your preferred activities on the website and thus to orient our website toward your individual interests.
- accelerate the speed of the handling of your requests.
We work together with services of third parties which support us in making the internet offer and the website more interesting for you. Therefore, cookies by these partner companies (third party offerors) are stored on your hard disk during a visit of the website, too. These are cookies that delete themselves automatically after the preset time. This online offer may also be viewed to the exclusion of cookies.
The applicable data protection law grants data subjects comprehensive data subject rights (rights of information and intervention) vis-à-vis the controller with regard to the processing of their personal data, which we inform about below:
Right to information pursuant to Art. 15 DSGVO: In particular, data subjects have the right to obtain information about their personal data processed by us, the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom their data have been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, to object to processing, to lodge a complaint with a supervisory authority, the origin of their data if it has not been collected by us from the data subjects, the existence of automated decision-making, including profiling, and, where applicable, meaningful information about the logic involved and the scope and intended effects of such processing, as well as the right to be informed about the safeguards pursuant to Article 46 GDPR in case of onward transfer of their data to third countries;
Right to rectification pursuant to Art. 16 GDPR: Data subjects have a right to immediate rectification of incorrect data concerning them and/or completion of their incomplete data stored by us;
Right to erasure pursuant to Art. 17 DSGVO: Data subjects have the right to request the deletion of their personal data if the conditions of Art. 17 (1) DSGVO are met. However, this right does not exist in particular if the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
Right to restriction of processing pursuant to Art. 18 GDPR: Data subjects have the right to request the restriction of the processing of their personal data as long as the accuracy of their data, which they dispute, is being verified; if data subjects refuse to have their data erased because of unlawful data processing and instead request the restriction of the processing of their data; if data subjects need their data to assert, exercise or defend legal claims after we no longer need this data after the purpose has been achieved; or if data subjects have lodged an objection on grounds relating to their particular situation as long as it has not yet been determined whether our legitimate grounds prevail;
Right to information pursuant to Art. 19 DSGVO: If data subjects have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning the data subject have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. Data subjects have the right to be informed about these recipients.
Right to data portability pursuant to Art. 20 DSGVO: Data subjects have the right to receive their personal data that they have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller, insofar as this is technically feasible;
Right to withdraw consent given in accordance with Art. 7(3) DSGVO: Data subjects have the right to revoke consent to the processing of data, once given, at any time with effect for the future. In the event of revocation, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation;
Right to lodge a complaint pursuant to Art. 77 GDPR: If data subjects consider that the processing of personal data concerning them infringes the GDPR, they have – without prejudice to any other administrative or judicial remedy – the right to lodge a complaint with a supervisory authority, in particular in the Member State of their place of residence, place of work or place of the alleged infringement.
RIGHT OF OBJECTION
INSOFAR AS WE PROCESS PERSONAL DATA IN THE CONTEXT OF A BALANCING OF INTERESTS ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, USERS HAVE THE RIGHT TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE AT ANY TIME FOR REASONS ARISING FROM THEIR PARTICULAR SITUATION.
IF DATA SUBJECTS EXERCISE THEIR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS.
WHERE WE PROCESS PERSONAL DATA FOR THE PURPOSES OF DIRECT MARKETING, DATA SUBJECTS SHALL HAVE THE RIGHT TO OBJECT AT ANY TIME TO PROCESSING OF PERSONAL DATA CONCERNING THEM FOR THE PURPOSES OF SUCH MARKETING. DATA SUBJECTS MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE.
IF DATA SUBJECTS EXERCISE THEIR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.
We reserve the right to change the data privacy statement in order adjust it to changed legal situations or in case of changes of the service and the data processing. However, that only applies in view of declarations as to data processing. As far as consents of the users are required or as far as components of the data privacy statement contain regulations of the contractual relationship with the users, the changes will only be done with the consent of the users.
The users are asked to keep themselves informed regularly on the contents of the data privacy statement.