EU GDPR compliant version
Effective Date: 17 October 2017
Data File Name: |
Vendor Contact Data File |
Legal Basis for the Processing and Purposes of Use of the Personal Data: |
Processing of personal data (“Contact Data”) is generally based on legitimate interest of the data controllers. Based on defined purposes of uses of Contact Data and relationship between data controllers and Contact Data subjects, the primary legitimate interest of the data controllers is the possibility to conduct justified and legitimate business according to applicable legislation. Secondarily, for certain data subjects, the processing of Contact Data is based on direct or indirect contractual relationship between data subjects and data controllers. Purposes of use: 1) Business development and reporting; 2) Quality management; 3) Research and development of KC Group (Konecranes Plc and its affiliated companies) IT infrastructure; 4) Purchasing activities; 5) Inventory management and activities; 6) Manufacturing of products; 7) Delivery of products; 8) Vendor and subcontractor management (incl. access to KC Group digital channels and as appropriate to KC Group IT systems and products); 9) Invoicing, taxation and related financial transactions; and 10) Ensuring the integrity of KC Group business environment and processes (incl. eventual non-continuous system monitoring for the prevention or inspection of misuse as the case may require). |
Data Content: |
First name; Last name; Salutation; Title; Company (employer); Job role; Street Address; Postal Code; City; State; Country; Contact Method; Telephone number; Mobile phone number; Telephone extension; Fax number; Email address; Miscellaneous business information (free text field); Personal identification number (for some vendors only and only in certain countries: Spain, Portugal and U.S.) Indicator of access to KC Group digital platforms; Accepted data protection statement version; Last data processing activity (time stamp); Geographical location consent (if any); Cookie consent; Data request date (if any); |
Data Subjects: |
Any natural persons representing vendor companies of KC Group. |
Regular Sources of Data: |
Vendor contact persons themselves, other persons representing the vendor companies of the KC Group, employees and other persons working for or representing KC Group. |
Regular Disclosures of Data and Transfer of Data to Countries Outside EU and/or EEA: |
Contact Data are not disclosed (to another controller for independent use unless required by the law such as to authorities) regularly except within companies of KC Group and even then at all times in accordance with applicable laws. Contact Data are transferred outside EU and/or EEA (incl. Switzerland) only as allowed by and in accordance with applicable laws. In case of absence of EU Commission adequacy decisions, EU Commission standard contractual clauses (of type controller to processor, EU Commission decision C(2010)593) are used as appropriate or suitable safeguards for these data transfers. Copies of the standard contractual clauses will be available through the contact details mentioned above. Furthermore, if EU Commission adequacy decisions are applicable we may rely on them. If Contact Data is transferred to external data processors (subcontractors or vendors), appropriate contractual arrangements (including EU Commission standard contractual clauses, as applicable), as required by the applicable laws, are executed to secure lawful and appropriate processing of personal data. Contact Data can be transferred to following countries for processing: o Australia o Austria o Bangladesh o Belgium o Brazil o Canada o Chile o People's Republic of China o Czech Republic o Denmark o Estonia o France o Germany o Greece o Hungary o India o Indonesia o Italy o Japan o Korea o Latvia o Lithuania o Malaysia o Mexico o Morocco o Netherlands o New Zealand o Norway o Peru o Philippines o Poland o Portugal o Qatar o Romania o Russia o Saudi Arabia o Singapore o Slovakia o Slovenia o South Africa o Spain o Sweden o Switzerland o Thailand o Turkey o Ukraine o United Kingdom o United Arab Emirates o United States o Vietnam |
Security Principles of Data File: |
Contact Data is protected by technical and organisational measures against accidental and/or unlawful access, alteration, destruction or other processing including unauthorized disclosure and transfer of Contact Data. Such measures include but are not necessarily limited to proper firewall arrangements, appropriate encryption of telecommunication and messages as well as use of secure and monitored equipment and server rooms. Data security is of special concern when third parties (e.g. data processing subcontractors) providing and implementing IT systems and services are retained. Data security requirements are duly observed in IT system access management and monitoring of access to IT systems. Access to personal data is available only in the internal networks of KC Group. Personnel processing personal data as part of their tasks is trained and properly instructed in data protection and data security matters. |
Right to Object Data Processing: |
In accordance with the law the data subject has at any time the right to:
In order to use these rights, the data subject shall contact the above mentioned contact persons in writing (incl. e-mail). However, the request may be declined where allowed or required under the law. |
Other Rights of Data Subject: |
In accordance with the law the data subject has at any time the right to:
In order to use these rights, the data subject shall contact the above mentioned contact persons in writing (incl. e-mail). However, the request may be declined where allowed or required under the law. |
Retention Period of the Contact Data: |
Generally, to the extent permitted by applicable laws and regulations, data controllers retain Contact Data at most ten (10) years after the last business activity where the data subject has been involved. Additionally, as the case may require, data controllers may have to extend Contact Data retention on the grounds of establishment, exercise or defense of legal claims or execution of our internal investigations. This retention period is justified due to data controllers' obligations or needs related to e.g. product and service warranties, product liability statutes as well as burdens of proofs in possible litigation situations. |
Provision of Contact Data: |
It is not statutory for the data subject to provide the Contact Data but certain Contact Data is required to execute or enter into a business activity (such as business contract) with KC Group. Lack of or failure to provide Contact Data prevents or may prevent the business activity (such as business contract) as the case may be. |
Data Controllers: |
Address: Koneenkatu 8 (P.O.Box 661), 05830 Hyvinkää, Finland Telephone: +358 20 427 11
Address: Koneenkatu 8 (P.O.Box 661), 05830 Hyvinkää, Finland Telephone: +358 20 427 11 |
Contact Person in Matters Related to Data File: |
Lasse Toivonen (Data Protection Manager) |