Privacy Policy – Clean Planet Program Portal
01.01.2022
With the following information we would like to inform you about the processing of your personal data by us and your rights resulting from the data protection laws and especially from the general data protection regulation (regulation (EU) 2016/679 - "GDPR").
1 Controller and data protection officer
2 What are my rights as a data subject?
3 General information regarding the topic „purposes“
4 General information regarding the topic „legal bases“
4.1 Legal bases for the processing of personal data
4.2 Legal bases for the processing of special categories of personal data
5 General information regarding the topic „obligation to preserve records and time limits of erasure“
6 General information regarding the topic „disclosure of personal data“
7 Cookies
7. 1 General information regarding the topic „cookies“
8 In the context of which processing activities are my personal data processed?
8.1 Processing activity – visiting of our website
8.2 Processing activity – Consent Management Platform
8.3 Processing activity – General Use of the Service
8.4 Processing activity – User Accounts (Registration and Login)
8.5 Processing activity –Placing, Execution and Invoicing of Orders
8.6 Processing activity –Contact and Service Inquiries
9 Konica Minolta Global Policy
1 Controller and data protection officer
Controller in accordance with Art. 4 (7) GDPR is:
Konica Minolta Business Solutions Europe GmbH
Europaallee 17, 30855 Langenhagen
Tel.: +49 (0)511 7404-0
Email: info@konicaminolta.eu
https://www.konicaminolta.eu/eu-en/imprint
If you have any questions concerning data protection, you are welcome to contact our company data protection officer:
Dr. Frederike Rehker
Konica Minolta Business Solutions Europe GmbH
Europaallee 17, 30855 Langenhagen
Tel.: +49 (0)511 7404-0
Email: dataprotection@konicaminolta.eu
If you have technical issues, please contact us via :
cleanplanetprogram@konicaminolta.eu
2 What are my rights as a data subject?
As a data subject, you have the following rights:
2.1 Right of access (Art. 15 GDPR): You have the right to be informed at any time of the categories of personal data processed, the purposes of processing, any recipients or categories of recipients of your personal data and the planned storage period.
2.2 Right of rectification (Art. 16 GDPR): You have the right to request the rectification or completion of personal data concerning you that is incorrect or incomplete.
2.3 Right to erasure („right to be forgotten“) (Art. 17 GDPR): You have the right to request the immediate erasure of your personal data. In particular, we are obliged as the responsible party to delete your data in the following cases:
- Your personal data is no longer needed for the purposes for which it was collected.
- A processing of your personal data took place solely on the basis of your consent, which you have now withdrawn, and there is no other legal basis that legitimises a processing of your personal data.
- You have objected to a processing which is based on the legitimate or public interest and we cannot prove that there are legitimate grounds for processing.
- Your personal data has been processed unlawfully.
- The erasure of your personal data is necessary in order to comply with a legal obligation to which we are subject.
- Your personal data has been collected in connection with information society services offered in accordance with Art. 8 I GDPR.
Please be aware that the right to erasure is subject to a limitation in the following cases, so that a deletion is excluded:
- Your personal data is used to exercise the right to freedom of expression and information.
- Your personal data serves to fulfil a legal obligation to which we are subject.
- Your personal data is used to carry out a task that is in the public interest or in the exercise of official authority that has been assigned to us.
- Your personal data serves the public interest in the field of public health.
- Your personal data are necessary for archiving purposes in the public interest, for scientific or historical research or for statistical purposes.
- Your personal data serve for us to establishment, exercise or defend legal claims.
2.4 Right of restriction of processing (Art. 18 GDPR): You also have the right to request that the processing of your personal data be restricted; in such a case, your personal data will be excluded from any processing. This right applies if:
- You contest the accuracy of your personal data and we have to verify the accuracy of your personal data.
- The processing of your personal data is unlawful and instead of erasing your personal data, you request a restriction of processing.
- We no longer need your personal data for the fulfilment of the specific purposes, but you still need this personal data to establish, exercise or defend legal claims.
- You object to the processing of your personal data and it has not yet been determined whether your or our legitimate reasons override this.
2.5 Right of data portability (Art. 20 GDPR): You have the right to receive the personal data concerning you that you have provided to us as a controller in a structured, common and machine-readable format and to transfer it to another controller. Furthermore, you also have the right to request that your personal data be transferred from us to another controller, insofar as this is technically feasible.
The requirements for the applicability of data portability are:
- Your personal data is automatically processed based on your consent or a contract.
- Your personal data does not serve to fulfil a legal obligation to which we are subject.
- Your personal data will not be used to perform a task that is in the public interest.
- Your personal data do not serve for the performance of a task which is performed in the exercise of a official authority delegated to us.
- The exercise of your right shall not interfere with the rights and freedoms of others.
2.6 Right to object (Art. 21 GDPR): You have the right at any time to object to the processing of your personal data on grounds arising from your particular situation. This also applies to profiling. The requirement for this is that the processing is based on a legitimate interest on our part (Art. 6 I 1 lit. f GDPR) or the public interest (Art. 6 I 1 lit. e GDPR).
Furthermore, you may also at any time object to the processing of your personal data for the purposes of direct marketing or profiling linked to such direct marketing.
Should you object to the processing of your personal data based on a legitimate interest, we will check in each individual case whether we can show grounds worthy of protection that override your interests and rights and freedoms. In the event that there are no reasons worthy of protection on our part or your interests as well as rights and freedoms override our own, your personal data will no longer be processed. An exception is made if your personal data is still used for the establishment, exercise or defence of legal claims. If you object to the processing of your personal data for the purposes of direct marketing or profiling, insofar as this is linked to such direct marketing, your personal data will no longer be processed for these purposes.
2.7 Right to lodge a complaint with the supervisory authority (Art. 77 GDPR): Right to lodge a complaint with the supervisory authority (Art. 77 DPA): You also have the right to lodge a complaint with a supervisory authority at any time, in particular with a supervisory authority in the Member State of your residence, place of work or place of suspected infringement, if you consider that the processing of personal data concerning you is in breach of the data protection regulations.2.7 Right to lodge a complaint with the supervisory authority (Art. 77 GDPR): Right to lodge a complaint with the supervisory authority (Art. 77 DPA): You also have the right to lodge a complaint with a supervisory authority at any time, in particular with a supervisory authority in the Member State of your residence, place of work or place of suspected infringement, if you consider that the processing of personal data concerning you is in breach of the data protection regulations.
The address of the supervisory authority responsible for our company is:
Barbara Thiel
Die Landesbeauftragte für den Datenschutz Niedersachsen
Prinzenstraße 5
30159 Hannover
Telephone +49 (0) 511-120 4500
Fax +49 (0) 511-120 4599
poststelle@lfd.niedersachsen.de
2.8 Right of withdrawal (Art. 7 GDPR): If you have given us consent to process your personal data, you can withdraw this consent at any time without giving reasons and in an informal manner. Withdrawal of consent does not affect the lawfulness of the processing that has taken place on the basis of the consent up to the section of withdrawal.2.8 Right of withdrawal (Art. 7 GDPR): If you have given us consent to process your personal data, you can withdraw this consent at any time without giving reasons and in an informal manner. Withdrawal of consent does not affect the lawfulness of the processing that has taken place on the basis of the consent up to the section of withdrawal.
3 General information regarding the topic „purposes“3 General information regarding the topic „purposes“
As a matter of principle, the processing of your personal data by us is always linked to a specified, explicit and legitimate purpose, which has already been defined before the processing activity is commenced, in accordance with the principle of purpose limitation under Art. 5 I lit. b GDPR. In the further course of this privacy policy, when a processing activity is cited, a description of the specific purpose is also included.
4 General information regarding the topic „legal bases“
We process your personal data in accordance with the GDPR. Accordingly, the processing of your personal data is always founded on a legal basis. Article 6 of the GDPR defines legal bases for the processing of personal data.
4.1 Legal bases for the processing of personal data
Consent
If we obtain your consent for the processing of your personal data, the processing will be carried out on the legal basis of Art. 6 I 1 lit. a GDPR. The following example serves to clarify this legal basis: You receive advertising from us by electronic mail and/or telephone and have given your prior consent.
Contract or pre-contractual measure
If the processing of your personal data is necessary for the fulfilment of a contract with you or for the implementation of pre-contractual measures taken in response to your request, the legal basis on which our processing is based is Art. 6 I 1 lit. b GDPR.
Legal obligation
In cases where the processing of your personal data is necessary to comply with a legal obligation to which we are subject, this processing is based on Art. 6 I 1 lit. c GDPR.
Vital interest
Should the processing of your personal data be necessary to protect your vital interests or those of another person, this processing is carried out in accordance with Art. 6 I 1 lit. d GDPR.
Public interest
In cases where we process your personal data in order to perform a task which is in the public interest or in the exercise of official authority delegated to us, Art. 6 I 1 lit. e GDPR constitutes the legal basis.
Legitimate interest
If the processing of personal data is necessary to safeguard a legitimate interest of our company or a third party and at the same time the interests, basic rights and fundamental freedoms of the data subject, which require the protection of personal data, do not override our legitimate interest, Art. 6 I 1 lit. f GDPR serves as the legal basis for the processing.
4.2 Legal bases for the processing of special categories of personal data
If, in extraordinary cases, we need to process special categories of personal data, such as
- data on racial or ethnic origin (e.g. skin color or special languages),- data on racial or ethnic origin (e.g. skin color or special languages),
- data on political opinions (e.g. party memberships),- data on political opinions (e.g. party memberships),
- data on religious or philosophical beliefs (e.g. membership of a sect),- data on religious or philosophical beliefs (e.g. membership of a sect),
- data on trade union membership,- data on trade union membership,
- genetic data,- genetic data,
- biometric data (e.g. fingerprints or photographs),- biometric data (e.g. fingerprints or photographs),
- health data (e.g. identification numbers for disabilities),- health data (e.g. identification numbers for disabilities),
- or data concerning the sex life or sexual orientation- or data concerning the sex life or sexual orientation
by you, this processing is based on one of the following legal bases, which are de-fined in Article 9 GDPR:
Explicit consent
If you have given us your explicit consent for the processing of the above categories of personal data, this constitutes the legal basis for the processing in accordance with Art. 9 II lit. a GDPR.
Performing duties under social security/protection and employment law
If the processing of special categories of personal data relating to you is necessary in order to comply with a legal obligation arising from social security/protection or employment law, the legal basis for this processing is Art. 9 II lit. b GDPR.
Protection of vital interests
If the processing of special categories of personal data relating to you should be necessary to protect your vital interests or those of another person, such processing is carried out pursuant to Art. 9 II lit. c GDPR.
Manifestly public data
Insofar as special categories of personal data of yours are processed, which have previously been made public by yourself, the processing of these data is based on Art. 9 II lit. e GDPR.
Establishment / Exercise / Defence of legal claims
Insofar as the processing of the special categories of personal data relating to you serves us to establish, exercise or defend legal claims, Art. 9 II lit. f GDPR constitutes the legal basis for the processing.
Substantial public interest
In the case of the processing of special categories of personal data concerning you in order to safeguard a substantial public interest arising from EU or national law, the processing is based on Art. 9 II lit. g GDPR.
Assessment of the person's work capacity or other medical purposes such as health care
If the processing of special categories of personal data relating to you arises from a law of the EU or a Member State or a contract concluded with a member of a health profession and is carried out for the purposes of preventive health care, occupational medicine, assessment of an employee's work capacity, medical diagnosis, care or treatment in the health or social field or the management of systems and services in the health or social field, this processing is based on Art. 9 II lit. h GDPR.
Public interest in the area of public health
If the processing of special categories of personal data of yours should be necessary for public health reasons, including protection against cross-border health threats such as pandemics, this processing is carried out on the legal basis of Article 9 II lit. i GDPR.
Archival purposes, scientific / historical research purposes, statistical purposes
Should the processing of special categories of personal data relating to you arise from a right of the EU or a member state, which stipulates processing for archiving, scientific or historical research or statistical purposes in the public interest, this processing is based on Art. 9 II lit. j GDPR.
5 General information regarding the topic „obligation to preserve records and time limits of erasure“
Unless otherwise stated, we delete personal data in accordance with Art. 17 GDPR or restrict its processing in accordance with Art. 18 GDPR. Apart from the retention periods stated in this privacy policy, we process and store your personal data only as long as they are necessary for the fulfilment of our contractual and legal obligations. Personal data that is no longer required after the purpose has been fulfilled will be regularly deleted, unless further processing is required for a limited period of time, which may result from other legally permissible purposes. In order to fulfil documentation obligations as well as to comply with statutory obligations to preserve records in Germany, the necessary documents are kept for six years in accordance with § 257 I Commercial Code (HGB) and for ten years in accordance with § 147 I of the Fiscal Code of Germany (AO).
6 General information regarding the topic „disclosure of personal data“
Recipient of your data
We do not sell or rent user data in principle. A transfer to third parties beyond the scope described in this privacy policy will only take place if this is necessary for the processing of the respective requested service. For this purpose, we work together with service providers in the areas of marketing, sales, IT, logistics and human resources, among others. We select these service providers extremely carefully. In other cases we transfer data to requesting governmental authorities. However, this only takes place if there is a legal obligation to do so, for example if a court order exists.
In addition to the other instances mentioned in this data protection statement, a disclosure of personal data may only occur in the following cases:
- To criminal prosecution authorities as well as, if necessary, harmed third parties if necessary to investigate illegal or abusive use of the service. However, this only occurs if there are specific indications for illegal use or misuse. A disclosure can also take place if this serves to enforce the terms and conditions for the use of the service or other agreements or if necessary, to assert, exercise or defend legal claims.
- We are also required by law to provide information to certain governmental agencies. These are the criminal prosecution authorities, public authorities that prosecute administrative misdemeanours sanctioned with fines and the tax authorities.
- To the extent necessary to process a request or order, and in the case of centralised or outsourced business functions, personal data may be transferred to KMBS Affiliates for the purposes set out in this Privacy Policy.
- From time to time we may rely on contracted third parties or other partners and external service providers such as IT service providers, business consultants and financial institutions to fulfil the purposes described herein or to provide our services. In such cases, personal data may be shared with these recipients.
- During the course of the further development of our business, it is possible that the structure of our company will change by changing the legal form, establishing, purchasing or selling subsidiaries, company divisions or parts of the company. In case of such transactions, personal data is passed on together with the part of the business which is transferred. We make sure in the case of each disclosure of personal data to third parties as described above that this takes place in accordance with this data protection statement and applicable data protection laws.
Locations of the processing of your personal data
In principle, we process your data in Germany and in other European countries (EU/EEA). If your data is processed in countries outside the European Union (i.e. in so-called third countries), this will only take place if you have expressly consented to it, if it is stipulated by law or if it is necessary for our service provision to you. If, in these exceptional cases, we process data in third countries, this will be done by ensuring that certain measures are taken (i.e. on the basis of an adequacy decision by the EU Commission or by presenting suitable guarantees in accordance with Art. 44ff. GDPR).
7 Cookies
7. 1 General information regarding the topic „cookies“
We use cookies on our website. Cookies are small text files that are stored on your hard drive in accordance with the browser you are using and through which certain information flows to the site that sets the cookie. Many of the cookies we use are deleted after the browser session ends (so-called session cookies). Other cookies remain on your end device and enable us to recognize your browser on your next visit (persistent cookies).
Cookies are used on our website for various purposes. For a better overview, each cookie has been assigned to one of the following categories:
Technically necessary
Cookies that belong to this category are necessary to ensure the core functionality and/or security of this website. Legal basis: Art. 6 I 1 lit. f GDPR
Functionality
Cookies of this category are used to increase user comfort e.g. by storing preferences such as language settings, text size adjustments, user names or local settings. Legal basis: Art. 6 I 1 lit. a GDPR
Here you will find further information on the administration of cookies for corresponding browsers:
Internet Explorer: How to delete cookie files in Internet Explorer (microsoft.com)
Google Chrome: Clear, enable, and manage cookies in Chrome - Computer - Google Chrome Help
Firefox: Delete browsing, search and download history on Firefox | Firefox Help (mozilla.org)
8 In the context of which processing activities are my personal data processed?
8.1 Processing activity – visiting of our website
If you use our website for purely informative purposes, i.e. if you do not register or provide us with information in any other way, we only collect the personal data that your personal browser sends to our server. This data is technically necessary for the display of the website. Furthermore, this data is technically necessary to ensure the stability and security of our website. The legal basis for the processing of your personal data is in this case Art. 6 I 1 lit. f GDPR; the legitimate interest in this case is the provision and optimal presentation of this website as well as the protection of this website from external attacks and their follow-up. We delete these personal data after the end of the usage process, unless we need them for the purposes of misuse detection and misuse prosecution; in such a case, we retain these data for a maximum of 30 days.
When you visit our website, the following personal data may therefore be processed, which is automatically transmitted from your browser to our servers and stored there in the form of so-called "log files":
- IP address of the end-device used to access the website
- Date, time and duration of the request
- Country of origin of the request
- Content of the request (concrete page / file)
- Access status/http status code (e.g. "200 OK")
- Internet address of the website from which the request to access our website was made
- Browser
- Operating system and user interface
- Language and version of the browser software
- Amount of data transmitted in each case
- Time zone difference to Greenwich Mean Time (GMT)
8.2 Processing activity – Consent Management Platform
On our website we use the usercentrics. With the help of this tool, we can give the visitor of our website both an overview of the essential software solutions used and the possibility to decide on the use of any other software solutions that require prior consent. Furthermore, with the help of the platform, we can meet the requirement resulting from the GDPR for consent management, which provides, among other things, the possibility to prove that consents have been given or not.
In the context of the use of the Cookie Consent Management Platform, the following data may be processed
- Consent data
o Consent -ID
o Consent status (Opt-in, Opt-out)
o Consent timestamp
- Language of consent banner
- Version of the banner template
- Device data (http Agent, http Referrer)
The use of the Cookiebot Consent Management Platform and the associated processing of personal data serves to fulfill legal obligations within the meaning of Art. 6 I 1 lit. c GDPR. Thus, the use of the platform is necessary both to comply with the obligation to provide documentary evidence within the meaning of Art. 5 II GDPR and the legal obligation resulting from the judgment "ECLI:EU:C:2019:801" of the European Court of Justice and the related judgment "I ZR 7/16" of the German Federal Court of Justice, according to which § 15 III 1 of the German Telemedia Act (TMG) is to be interpreted with regard to Art. 5 III 1 of Directive 2000/58/EC in such a way that the service provider may only use cookies to create usage profiles for the purposes of advertising or market research with the consent of the user.
Deletion of your personal data in connection with the use of the Cookie Consent Management Platform will take place as soon as it is no longer required to fulfill the purpose. In case of withdrawal of consent, we retain the information regarding the withdrawal for three years. The retention results on the one hand from the accountability according to Art. 5 II GDPR and on the other hand from the regular statute of limitations according to § 195 German Civil Code (BGB). The period of this limitation begins according to § 199 BGB with the end of the year in which the claim arose. Thus, the statute of limitations begins at the end of December 31 of the year in which the withdrawal occurred and ends three years later on December 31 at 00:00.
8.3 Processing activity – General Use of the Service
When using the service, we process certain information automatically. This includes: the IP address or device ID assigned to the respective end user device, which we require for the transmission of requested content (e.g. in particular content, texts, images and product information as well as files made available for download, etc.), the type of end user device, the URL of the previously visited services, the browser type and operating system used and the date and time of use.
This data processing takes place in order to facilitate the use of the service.
We hold this information for a maximum of one month for the purpose of recognizing and pursuing misuse.
Aside from this, we delete or anonymize these usage data, including the IP addresses, without undue delay as soon as they are no longer needed for the above mentioned purposes.
The data processing is carried out on the basis of legal provisions which authorise the data processing because it is necessary for the provision of the service to the user (Art. 6 I 1 lit. b GDPR), or because we have a legitimate interest in safeguarding the security and functionality of our service as well as its proper use without the affected data subjects having an overriding interest (Art. 6 I 1 lit. f GDPR).
8.4 Processing activity – User Accounts (Registration and Login)
In order to use our service, a user account must be set up.
When registering for a user account, the following information must be provided (jointly “Customer Data”)
- First and last name
- A valid e-mail address and phone number
- Company name of customer and branch
- Address or several addresses (street address, city, postal code, country)
When setting up a user account, an individual password must be created. This password can be changed at any time.
In order to login to a user account, the following data must be entered:
- User identification (e-mail address provided during the registration)
- Password
The data processing is carried out on the basis of legal provisions which authorise the data processing because it is necessary for the provision of this functionality to the user (Art. 6 I 1 lit. b GDPR).
8.5 Processing activity –Placing, Execution and Invoicing of Orders
The service allows the ordering of certain services. When an order is placed on our service, we collect further data in addition to the Customer Data. Depending on the requested service and processing status, this data may include the following information (jointly “Order Data”):
- Order number
- Messages and communication relating to the order
- Order status
- Optional: Name and contact details of another contact person at the customer
We will use the Order Data and respective Customer Data to render the requested service (e.g. scheduling a pickup, creating required documentation etc.). We will use the provided e-mail address to confirm the receipt of the order and for further order-related communication. Depending on the particular contractual details between each customer and the respectively competent KMBS Affiliate, this information may be transferred to the respectively competent KMBS Affiliate and be further processed for invoicing purposes.
Any placed order can be tracked in the respective user account.
The orders are carried out by an external service provider. This service provider is:
TechProtect GmbH (“TechProtect”)
Max-Eyth-Straße 35
71088 Holzgerlingen
Germany
Against this background, Order and Customer Data will therefore be transferred to TechProtect in order to perform requested orders.
Depending on the customers’ location, TechProtect may have to commission further service providers to perform the requested order. In such case, the respective Order and Customer Data will be transferred to those service providers to enable the requested order to be carried out.
This processing of Customer and Order Data is carried out on the basis of legal provisions which authorise the processing because it is necessary for the performance of the service and requested orders (Art. 6 I 1 lit. b GDPR).
Order Data (past orders, order history, related documents) are stored and can be accessed in the respective user account and will be deleted in compliance with applicable statutory retention obligations, however in any case no longer than 10 years after the end of the respective calendar year.
8.6 Processing activity –Contact and Service Inquiries
The service allows general contact or specific service inquiries to be submitted. When communicating via our service, we will process the respective Customer Data as well as additional information the respective user will provide to us (e.g. the content of the message).
We process that information in order to answer the inquiries. This processing is carried out on the basis of legal provisions which authorise the processing because it is necessary in order to process the inquiries (Art. 6 I 1 lit.b GDPR).
After final answering of an inquiry, we delete the inquiry as well as information with regard to their handling with a period of three years after the end of the respective calendar year.
9 Konica Minolta Global Policy
To the Global Personal Data Protection Policy