Data Protection Statement – KMBS Europe – Clean Planet Program Portal
When using this service, we collect, process and use personal data. Since protecting the privacy of our users when using this service is important to us, we would like to inform the users below about which personal data we process when providing the service.
1 Responsible Party / Contact Details of the Data Protection Officer
The responsible party for the data processing required to provide the service is:
Konica Minolta Business Solutions Europe GmbH (“KMBS Europe”)
You can contact our data protection officer under firstname.lastname@example.org
KMBS Europe provides this service centrally for and on behalf of all participating affiliated companies of KMBS Europe (“KMBS Affiliate(s)”) contractually obligated to provide the service towards its respective customers.
2 Collection and Use of Your Personal Data
2.1 General Use of the Service
When using the service, we process certain information automatically. This includes: the IP address or device ID assigned to the respective end user device, which we require for the transmission of requested content (e.g. in particular content, texts, images and product information as well as files made available for download, etc.), the type of end user device, the URL of the previously visited services, the browser type and operating system used and the date and time of use.
This data processing takes place in order to facilitate the use of the service.
We hold this information for a maximum of one month for the purpose of recognizing and pursuing misuse.
Aside from this, we delete or anonymize these usage data, including the IP addresses, without undue delay as soon as they are no longer needed for the above mentioned purposes.
The data processing is carried out on the basis of legal provisions which authorise the data processing because it is necessary for the provision of the service to the user (Art. 6 para. 1(b) GDPR), or because we have a legitimate interest in safeguarding the security and functionality of our service as well as its proper use without the affected data subjects having an overriding interest (Art. 6 para. 1(f) GDPR).
2.2 User Accounts (Registration and Login)
In order to use our service, a user account must be set up.
When registering for a user account, the following information must be provided (jointly “Customer Data”):
· First and last name
· A valid e-mail address and phone number
· Company name of customer and branch
· Address or several addresses (street address, city, postal code, country)
When setting up a user account, an individual password must be created. This password can be changed at any time.
In order to login to a user account, the following data must be entered:
· User identification (e-mail address provided during the registration)
The data processing is carried out on the basis of legal provisions which authorise the data processing because it is necessary for the provision of this functionality to the user (Art. 6 para. 1(b) GDPR).
2.3 Placing, Execution and Invoicing of Orders
The service allows the ordering of certain services. When an order is placed on our service, we collect further data in addition to the Customer Data. Depending on the requested service and processing status, this data may include the following information (jointly “Order Data”):
· Order number
· Messages and communication relating to the order
· Order status
· Optional: Name and contact details of another contact person at the customer
We will use the Order Data and respective Customer Data to render the requested service (e.g. scheduling a pickup, creating required documentation etc.). We will use the provided e-mail address to confirm the receipt of the order and for further order-related communication. Depending on the particular contractual details between each customer and the respectively competent KMBS Affiliate, this information may be transferred to the respectively competent KMBS Affiliate and be further processed for invoicing purposes.
Any placed order can be tracked in the respective user account.
The orders are carried out by an external service provider. This service provider is:
TechProtect GmbH (“TechProtect”)
Against this background, Order and Customer Data will therefore be transferred to TechProtect in order to perform requested orders.
Depending on the customers’ location, TechProtect may have to commission further service providers to perform the requested order. In such case, the respective Order and Customer Data will be transferred to those service providers to enable the requested order to be carried out.
This processing of Customer and Order Data is carried out on the basis of legal provisions which authorise the processing because it is necessary for the performance of the service and requested orders (Art. 6 para. 1(b) GDPR).
Order Data (past orders, order history, related documents) are stored and can be accessed in the respective user account and will be deleted in compliance with applicable statutory retention obligations, however in any case no longer than 10 years after the end of the respective calendar year.
2.4 Contact and Service Inquiries
The service allows general contact or specific service inquiries to be submitted. When communicating via our service, we will process the respective Customer Data as well as additional information the respective user will provide to us (e.g. the content of the message).
We process that information in order to answer the inquiries. This processing is carried out on the basis of legal provisions which authorise the processing because it is necessary in order to process the inquiries (Art. 6 para. 1(b) GDPR).
After final answering of an inquiry, we delete the inquiry as well as information with regard to their handling with a period of three years after the end of the respective calendar year.
We therefore use so-called session cookies to maintain a login session. Session cookies are small information units in which a randomly generated identification number, the so-called session ID, is stored. In addition, a session cookie stores information about its origin and the storage period. These cookies cannot store any other data. Session cookies will be deleted at the latest within a period of 24 days.
The processing takes place on the basis of legal regulations which permit the processing because it is necessary for the intended and comprehensive provision of the service and the functionalities offered thereon (Art. 6 para. 1 (f) GDPR).
The service can also be used without cookies. Most Internet browsers automatically accept cookies. To prevent cookies from being stored each user may select "do not accept cookies" in his or her browser settings. Please refer to the instructions of the browser manufacturer to find out how this works in detail. Already stored cookies can be deleted at any time. Not accepting cookies may however lead to functional restrictions of our services.
3 Disclosure of Data
In addition to the other instances mentioned in this data protection statement, a disclosure of personal data may only occur in the following cases:
To criminal prosecution authorities as well as, if necessary, harmed third parties if necessary to investigate illegal or abusive use of the service. However, this only occurs if there are specific indications for illegal use or misuse. A disclosure can also take place if this serves to enforce the terms and conditions for the use of the service or other agreements or if necessary, to assert, exercise or defend legal claims.
We are also required by law to provide information to certain governmental agencies. These are the criminal prosecution authorities, public authorities that prosecute administrative misdemeanours sanctioned with fines and the tax authorities.
To the extent necessary to process a request or order, and in the case of centralised or outsourced business functions, personal data may be transferred to KMBS Affiliates for the purposes set out above.
From time to time we may rely on contracted third parties or other partners and external service providers such as IT service providers, business consultants and financial institutions to fulfil the purposes described herein or to provide our services. In such cases, personal data may be shared with these recipients.
During the course of the further development of our business, it is possible that the structure of our company will change by changing the legal form, establishing, purchasing or selling subsidiaries, company divisions or parts of the company. In case of such transactions, personal data is passed on together with the part of the business which is transferred. We make sure in the case of each disclosure of personal data to third parties as described above that this takes place in accordance with this data protection statement and applicable data protection laws.
Insofar as the recipients referred to in Sections 3.3 to 3.5 are entities outside the EU or the EEA, we shall ensure an appropriate level of data protection, for example by concluding appropriate contracts or on basis of appropriate certifications of the respective recipient.
4 Access Right / Further Data Subjects’ Rights
Users have the right to obtain information at any time about the personal data stored about them. They may also be entitled to the following rights in case the respective requirements are met:
· Right to rectification: Right to have false personal data corrected.
· Right to erasure: Right to request the deletion of personal data, for example if personal data are no longer required for the purposes for which they were collected or otherwise processed.
· Right to restriction of processing: Right to request that the processing of personal data be restricted; in such a case, the data will be blocked for any processing. This right exists in particular if the accuracy of the personal data is debated.
· Right to data portability: If we process personal data to fulfil a contract with a user or on the basis of consent, the users have the right to receive their personal data in a structured, commonly used and machine-readable format, provided and to the extent that they have made the data available to us.
In addition, the users may object to processing of their personal data for reasons arising from their particular situation. However, this only applies in such cases in which we process data to fulfil a legitimate interest of KMBS Europe or a third party (in particular KMBS Affiliates). If the user can state such a reason and we cannot assert a compelling, overriding interest for the further processing, we will not process these data further for the respective purpose.
This does not affect the other rights of objection described in this data protection statement.
If users wish to enforce any of the above mentioned rights or if they have questions about how we protect or process personal data, they can contact us either by mail (Konica Minolta Business Solutions Europe GmbH, Europaallee 17, 30855 Langenhagen, Germany) or by e-mail via email@example.com. After the final answering of an inquiry, we delete the inquiry with a period of three years after the end of the respective calendar year.
Users also have the right to file a complaint at any time with a supervisory authority, in particular a supervisory authority in the Member State where they are staying, working or the place of alleged infringement, if they believe that the processing of personal data concerning them is in violation of applicable data protection laws.
5 Deletion of Personal Data
Unless otherwise described in this data protection statement, we will only store personal data for as long as it is necessary to achieve the purposes stated herein or within the framework of an applicable statutory storage period; in the latter case, we will block the affected personal data for other processing operations.
6 Amendments to this Data Protection Statement
We reserve the right to amend this data protection statement from time to time and make changes as to which we process personal data. The current version of the data protection statement is always available under this link.