Refrigeration and freezing

Principles of personal data processing at Liebherr

You have reached this page via a link because you are interested in the manner in which we handle the personal data of our business partners. The following information is intended to provide you with an overview of how your personal data is processed and inform you of your rights as a data subject.

A. General information

I. What does this data protection notice regulate?

The protection and security of your personal data is extremely important to us. It is therefore important to us that you are informed about which of your personal data we process, the purpose for which we process it, and the rights that you have in relation to your personal data.

II. What is personal data and what does processing mean?

1. ‘Personal data’ (hereinafter also referred to as ‘data’) is any information that says something about a natural person. Personal data is not only information that makes a direct reference to a specific person (such as their name or email address), but also information which, with the appropriate additional knowledge, can be linked to a specific person.

2. ‘Processing’ means any measures taken in relation to your personal data (such as the collection, recording, organization, structuring, storage, use, or deletion of data).

B. Personal data processing

I. Who is responsible for processing your personal data?

The controller responsible for processing your data is Liebherr-Hausgeräte Ochsenhausen GmbH, Memminger Straße 77-79, 88416 Ochsenhausen, contact: [email protected].

II. What data do we collect and for what purposes?

Within the scope of our cooperation with our business partners, we process the following data of contact persons of customers, prospective customers, sales partners, suppliers, and partners (hereinafter individually or collectively referred to as ‘business partners’):

1. Contact information, such as first and last name, business address, business phone number, business mobile phone number, business fax number, and business email address,

2. Payment data, such as the information required to process payment transactions or prevent fraud, including credit card information and card verification numbers,

3. Information that needs to be processed in the context of a project or contractual relationship with Liebherr or that is provided voluntarily by business partners, for example, in the context of submitted orders, inquiries, or project details,

4. Personal data collected from publicly available sources, information databases, or credit agencies,

5. Insofar as legally required in the context of compliance screenings: date of birth, identity document and identity number, information on relevant court proceedings and other legal disputes involving business partners.

6. Further information regarding the business relationship, such as records, audits, inquiry interests, purchasing power classification, category and blocking indicators as well as

7. Data from access control and building security systems in the event of plant tours, such as visit reports, vehicle registration numbers, recordings from video surveillance).

This data is only processed for the following purposes:

1. Communicating with business partners about products, services and projects, e.g. to process inquiries from the business partner or to provide technical information about products (Data categories used: 1, 3)

2. Planning, implementing, and managing the (contractual) business relationship between Liebherr and the business partner, e.g. to process orders for products and services, to collect payments, for accounting and invoicing purposes, and to carry out deliveries, maintenance work, or repairs (Data categories used: 1–4 and possibly 5–7)

3. Conducting customer surveys, marketing campaigns, market analysis, competitions, contests, or similar campaigns and events (Data category used: 1)

4. Complying with (i) legal requirements (e.g. tax and commercial law retention obligations), (ii) existing obligations to carry out compliance screenings (to prevent white-collar crime or money laundering) and (iii) Liebherr guidelines and industry standards (Data categories used: 1–7) and

5. Settling legal disputes, enforcing existing contracts, and asserting, exercising, and defending legal claims. (Data categories used: 1–7)

Data processing for other purposes will only be considered if the necessary legal requirements pursuant to Article 6(4) GDPR are met. In this case, we will of course comply with any information obligations pursuant to Article 13(3) GDPR and Article 14(4) GDPR.

III. On what legal basis do we collect your data?

The legal basis for the processing of your data is Article 6 GDPR – insofar as no other specific legal provisions apply.

Your data is processed on the basis of one or more the following legal grounds:

1. Consent (Article 6(1)(a) GDPR) (Applies to purpose 3)

2. Data processing for the performance of contracts (Article 6(1)(b) GDPR) (Applies to purposes 1, 2, 4)

3. Data processing on the basis of a balancing of interests (Article 6(1)(f) GDPR) (Applies to purpose 3)

4. Data processing to comply with a legal obligation (Article 6(1)(c) GDPR) (Applies to purposes 4(i), 4(ii))

Our legitimate interests are:

1. Economic interests (Purpose 3)

2. Customer service (Purpose 3)

3. Product improvement (Purpose 3)

4. Hazard identification (Purpose 3)

5. Customer loyalty (Purpose 3)

If your data is processed by us on the basis of your consent, you have the right to revoke your consent at any time with effect for the future.

If your data is processed on the basis of a balance of interests, you have the right to object to the processing of your data, subject to the provisions of Article 21 of the GDPR.

We will only process your data to the extent necessary to fulfil the above-mentioned purposes.

IV. To whom and for what purposes do we transfer which categories of your data?

We may transfer your data to:

1. Other companies in the Liebherr group of companies, insofar as this is necessary to bring about, perform, or terminate a contract, or if we have a legitimate interest in the transfer and this is not precluded by your overriding legitimate interest; (Data category 2)

2. The service providers we use to achieve the above purposes; (Data category 1, 2, 3, 4, and 5)

3. Courts, arbitration tribunals, public authorities, or legal advisors if this is necessary to comply with applicable law or to assert, exercise, or defend legal claims. (Data category 1, 2, and 5)

V. Will my data be processed outside the European Union?

Data may only be transferred to entities in countries outside the European Union and European Economic Area (also known as third countries) (1) if you have given us your consent or (2) if the European Commission has decided that an adequate level of protection exists in a third country (Article 45 GDPR). If the Commission has not taken such a decision, we may transfer your data to third parties located in a third country only if appropriate safeguards exist (for example, standard data protection clauses adopted by the Commission or the supervisory authority in a specific procedure) and the enforcement of your rights as a data subject is ensured.

VI. When do we delete or anonymize your data?

We process your data for as long as this is necessary for the respective purpose, unless you have effectively objected to the processing of your data or effectively revoked any consent you may have given.

If statutory retention obligations exist – for example, under commercial law or tax legislation – we will have to store the data concerned for the duration of the retention obligation. After the expiration of the retention obligation, we will check whether there is any further need for processing. If this is no longer necessary, your data will be deleted.

VII. To what extent are automated decisions made in individual cases?

We do not use fully automated decision-making in accordance with Article 22 GDPR for the establishment and implementation of business relationships. If we make use of such procedures in individual cases, we will inform you of this separately, insofar as this is required by law.

VIII. To what extent will my data be used for profiling (scoring)?

We process some of your data automatically with the aim of evaluating certain personal aspects (profiling).

We use profiling in the following cases:

1. In accordance with statutory and regulatory requirements, we are obliged to combat money laundering, the financing of terrorism, and criminal offenses that endanger assets. In the process, data evaluations (in payment transactions, among other things) are carried out. These measures also serve to protect you. (Applies to purpose 4)

2. We use scoring as part of our assessment of your creditworthiness. Here, the probability that a customer will meet their payment obligations in accordance with the contract is calculated. The calculation may take into account, for example, income, expenses, existing liabilities, occupation, employer, length of employment, experience gained in an existing business relationship, repayment of previous loans as contractually agreed, as well as information from credit agencies. The scoring is based on a mathematically and statistically recognized and proven procedure. The calculated score supports us in our decision-making in the context of product transactions and is included in our continuous risk management. (Applies to purpose 2)

C. How is your personal data protected against unauthorized access and loss?

We use technical and organizational security measures to ensure that your data is protected from loss, improper modification, or unauthorized access by third parties. Moreover, we ensure that, on our side, only authorized persons are ever granted access to your data and then only to the extent necessary for the purposes mentioned above. The transfer of all data is encrypted.

D. Data subject rights and right to lodge a complaint

Within the provisions of the legislation, you have the right to

1. Information about your data;

2. The correction of incorrect data and the completion of incomplete data;

3. The deletion of your data, particularly if (1) it is no longer necessary for the purposes stated in this data protection notice, (2) you withdraw your consent and there is no other legal basis for the processing, (3) your data has been unlawfully processed or (4) you have objected to the processing and there are no overriding legitimate grounds for the processing.

4. The restriction of the processing of your data, particularly if the accuracy of the data is contested by you, or the processing of your data is unlawful and you request the restriction of the use instead of deletion.

5. The right to receive your data in a structured, commonly used, and machine-readable format and the right to have us transfer your data directly to another controller.

Please note that the revocation of your consent will not affect the legality of the processing carried out on the basis of your consent up to the time of revocation.

If you seek to assert any of the above rights, other than in writing, kindly note that we may require you to provide proof that you are the person who you claim to be.

Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

E. Who is the contact person for data protection issues and how do I contact them?

If you have any questions relating to data protection, please contact:

Liebherr-Hausgeräte Ochsenhausen GmbH

Memminger Straße 77-79

88416 Ochsenhausen

Email: [email protected]

Version: July 2020