1) Who is processing my Personal Data?
If not indicated differently in a separate Policy, contract document or other communication as the case might be with your contact from Bühler, the following entity is responsible for the processing of your Personal Data as Controller.
Bühler AG, Gupfenstrasse 5, 9240 Uzwil, Switzerland
In case the Controller is not Bühler AG as mentioned above and the respective local entity has appointed a data protection officer, you can find the contact details of the data protection officer here.
For questions please contact us under: firstname.lastname@example.org
2) What kind of Personal Data and for what purpose does Bühler process my Personal Data?
Depending on the individual occasion, we process very different Personal Data for various purposes. Among other situations, we will process in the respective situation the hereinafter mentioned Personal Data for the described purpose:
If you contact us or when we contact you (in writing, electronically or by phone), we will process Personal Data such as name and contact data (postal address, e-mail or phone number) and the content and time of the relevant messages. We use this data for providing you the requested service, giving you information, process your request and to communicate with you. It is important to us, that you can contact us. We can also forward messages within the Group to the responsible entity or office.
ii) Visiting Websites / Opening an Account / Using Apps / Subscribing to Newsletter
When you use our Online Services, we will process Personal Data such as IP-address, log data, information about the time our website was accessed and/or the app was installed and/or you have consented to the receipt of a newsletter, the duration of the visit, the pages accessed, device specific information, and all data that is provided to us through an online facility, which data may include an e-mail address, user name and credit card information and additionally we may, depending on the offer, also process information of the use of your customer account, your location or your shopping behavior. In case of a newsletter we may additionally process Personal Data concerning the delivery of the newsletter, if and when you have opened and forwarded the newsletter as well as links you have clicked on.
We use these Personal Data for providing the Online Services, we further use it to improve our IT security. Based on the processed Personal Data we are able to make the relevant offer or further offers to you or to the company you work for and to process your offer. This may include opening and managing a customer account in your name or informing you about changes and providing you further information through the electronic newsletter. We also process Personal Data in order to develop our Online Services on an ongoing basis. By using your customer account we get to know you better and can provide you with personalized services. Finally, we process Personal Data in connection with Online Services in order to better understand the behaviour and interests of our customers. You are under no obligation to provide this Personal Data to us, but we may not be able to process a request or provide an online facility if you fail to provide such Personal Data.
We also use "cookies", which are small text files that are temporarily or permanently stored on your device when you visit our website. Cookies are often required for the functionality of the website. Others are used to personalize the offer. However, logs and cookies often do not contain personal data because we are often unable to assign this information to you. We also use analysis services such as Google Analytics. Within the use of such services, detailed information about the use of the relevant website is collected, but such information is also often not personal. Finally, we may use functionalities from providers such as Facebook, which may result in the provider concerned processing data about you. Further details about the used cookies, our evaluation of your user behavior or further social plug-ins and how to prevent these processing steps can be found here.
iii) Visiting our Premises
When you enter our premises, we may make video recordings in appropriately marked areas for security and evidence purposes. We may thereby obtain information about your actions in the relevant areas. Any Personal Data collected by video recordings is only available for processing to specific employees for your own safety, the safety of our employees and for evidence purpose. If criminal acts are suspected, we can make the recordings available to the prosecution authorities. If you do not want to be recorded, we must ask you not to enter the relevant areas.
You may also be able to use a Wi-Fi service. In this case, we collect device-specific data in the course of your use, and we may ask you to enter your name and e-mail address when registering. Even though we will usually not be able to assign the device specific data to a specific person, we will collect your log-in data. Additionally we will process the duration of the connection, the location of the used Wi-Fi service and the volume of data used. We process this information in order to provide you with Wi-Fi services and for IT security purposes. The use of our Wi-Fi service is voluntary. However, it may not be possible to use the Wi-Fi service without your Personal Data being processed accordingly.
iv) Customer Events
For an event (might it be for advertising, sponsoring, cultural and sporting reason), we process Personal Data such as name, contact details and participation, other data (f.e. date of birth) depending on the event. We process this information for the purpose of carrying out customer events, but also to get in direct contact with you and get to know you better. Participation in customer events is voluntary, but usually not possible without the processing of Personal Data.
v) Business Partners
If you are one of our business partners, might it be a supplier, commercial customer, cooperation partner or service provider, depending on the field of activity we process different Personal Data about the contact persons in your company, e.g. name, function, title, contact information or further information available from third party resources such as Worldcheck.
We need to process such Personal Data for the performance of our contract (i.e. check whether we obtain services from you or deliver them to you or whether we want and can work together with you, to check whether your company offers the required security standards, to plan the work schedules of our employees and, if necessary, of the your employees), improvement of our customer orientation, customer satisfaction and customer loyalty. None of your employees is obliged to provide us with Personal Data. Yet, if they do not wish to provide us with the required Personal Data, we may not be able to work with you. In exceptional cases we are even legally obliged to process such Personal Data.
We process Personal Data such as name, function, contact details or further personal information for our internal and group-internal administration, as well as accounting and archiving purposes and generally for checking and improving internal processes. These purposes may relate to us or to other Group entities.
vii) Corporate Deals
We may process Personal Data, relating to the contact person or employees of companies included in corporate deals, in order to prepare and process company takeovers, sales and purchases or sales of assets such as receivables or real estate and similar transactions. The scope of Personal Data processed depends on the subject and stage of transaction and may include Sensitive Personal Data. The purpose of this data processing is to check the corresponding transactions and to carry them out where applicable. Notifications to local and foreign authorities may also be required.
viii) Job Applications
When you are applying to us, we will process your Personal Data relating to your application (f. e. name, date of birth, curriculum vitae, qualifications, certificates; if necessary also Sensitive Personal Data) in order to assess whether you are qualified for the respective job position and to discuss possible employment with you. With your consent, we may also keep your application pending if we, or you, refrain from employment with a view to a possible later employment. It is voluntary to provide the respective Personal Data, but we cannot process an application without the necessary Personal Data.
ix) Compliance with Legal Requirements
In order to comply with legal requirements, we install preventive measures to ensure compliance or detect and clarify abuses (e.g. operation of a fraud reporting system, internal investigations or the disclosure of documents to an authority). We may also process Personal Data to comply with a legal requirement or government request.
x) Protection of Rights
We process Personal Data, e.g. name of the counterparty, in various constellations in order to protect our rights, e.g. to assert claims in and out of court and before local and foreign authorities or to defend ourselves against claims. Thereby authorities may require us to disclose documents containing Personal Data.
3) How and on what legal grounds is Bühler processing my Personal Data?
I) How Bühler processes Personal Data
i) Combination of Personal Data
We may also evaluate your Personal Data and combine it with other information, such as non-personal statistical information and other Personal Data that we have collected about you, in order to derive information about your preferences and affinities with certain products or services.
ii) Protection of Personal Data
Appropriate technical and organizational security measures are implemented in order to safeguard the security of your Personal Data and to protect it against unauthorised or unlawful processing, prevent the risk of loss, unintentional alteration, unintentional disclosure or unauthorised access. However, the electronic transfer of information in particular entails security risks that cannot be completely ruled out. If you transfer information electronically, you do so at your own risk.
iii) Profiling and Automated Individual Decision Making
Should we use your Personal Data for Automate Individual Decision Making, we will inform you accordingly in accordance with applicable legal obligations.
II) What are the legal grounds for processing Personal Data
We process your Personal Data based on the following legal grounds:
- Necessity for the performance of contract
- Compliance with legal obligations
- Consent (where processing is based on a specific request for consent)
- Legitimate interests (including purchase and shipment of products and services; advertisement and marketing activities; customer support and communication; understanding customer behavior, activities, concerns and needs, market studies; improvement of and development of new products and services; protection of customers, suppliers, employees and other individuals as well of data, secrets and assets of or entrusted to Bühler, and the safety of systems and premises; maintenance and organization of business operations including IT systems; corporate governance and development; sale and acquisition of business units and other corporate transactions)
- Compliance with legal and regulatory requirements and internal rules (f.e. prevention of fraud, wrongdoings and crimes and investigation in connection with improper conduct, handling of claims and actions against us, participate in legal proceedings, exercise and defend against legal actions)
4) For how long will my Personal Data be stored?
We retain your Personal Data no longer than it is necessary for the purposes for which the information is collected. We moreover retain Personal Data as long as we have a legitimate interest in the storage, for archiving purposes and for guaranteeing IT security or in the case of running statutes of limitations (often 10 years, in some cases 5 years or 1 year). We also retain your Personal Data as long as it is subject to a legal retention obligation (certain documents have a 10 year retention period; some even 25 years).
5) Does Bühler share my Personal Data with other recipients?
Our employees have access to your Personal Data as far as it is necessary for the described purposes and the work of the employees concerned. They act in accordance with our instructions and are bound to confidentiality and secrecy when handling your Personal Data.
We may also disclose your Personal Data to third party Processors. Processors are obliged to process the Personal Data exclusively on our behalf and according to our instructions.
Moreover, we may review or execute transactions such as mergers or the acquisition or sale of individual parts of an entity or its assets. In this context, the transfer of Personal Data to another company may be necessary. In these cases, for reasons of confidentiality, it is not always possible to inform you in advance if your Personal Data is affected. However, we will inform you as early as possible in each individual case and do our best under economical and reasonable circumstance to process as little Personal Data as possible.
Additionally we may disclose your Personal Data to other recipients if this is so required by law. We also reserve the right to share your Personal Data in accordance with a court order or to assert or defend legal claims or if we consider it necessary for other legal reasons.
The recipients of your Personal Data may be located abroad including in countries outside of the EU, UK or the EEA. The countries concerned may not have laws that protect your Personal Data to the same extent as the laws in Switzerland, the EU, UK or the EEA do. If we disclose your Personal Data to recipient located in such a third country, we will take appropriate measures to ensure the protection of your Personal Data, for example by concluding a data transfer agreement, that includes contracts approved, issued or recognised by the European Commission and the Federal Data Protection and Information Commission to ensure the necessary data protection with the third country recipients. Additionally we may transfer Personal Data to recipients who have joined the US Privacy Shield program.
Please contact us if you would like to obtain a copy of our data transfer contracts or if you wish to receive further information about how we protect your Personal Data when disclosing it to a third country
6) What are my rights as Data Subject with regard to my Personal Data?
It is important for us to point out, that you can at any time object to the processing of your Personal Data or freely withdraw your consent to the processing of your Personal Data. If you revoke your consent, effectively object to processing for a specific purpose, we no longer process your Personal Data for the corresponding purpose.
Additionally you may have the following rights, in accordance with applicable laws:
I) Right to Information
II) Right of Access
You have the right to request, at any time, access to your Personal Data stored and processed by us. This gives you the opportunity to check which Personal Data we process about you and to verify that it is used in accordance with the applicable data protection regulations. The right to information may be limited or excluded, in case no sufficient identification is given, it is necessary to protect the rights and freedoms of other Data Subjects, the right to access is used excessively, a comprehensive provision of information would generate disproportionate efforts.
III) Right to Rectification
You have the right to have incorrect or incomplete Personal Data corrected or completed and to be informed of such rectification.
IV) Right to Erasure
You have the right to request that your Personal Data is erased if the Personal Data no longer necessary for the purposes pursued, consent has effectively been withdrawn or there is an effective objection and if Personal Data is processed unlawfully.
The Right to Erasure might be excluded if the Personal Data is necessary for the exercise of freedom of expression and information, to perform a legal task or a task in the public interest or for the establishment, exercise or defense of legal claims.
V) Right to restrict Processing
Under certain circumstances, you have the right to request that the processing of your Personal Data be restricted (e.g. no further processing at all or removal of published Personal Data).
VI) Right to Data Portability
You have the right to receive the Personal Data concerning you, which you have provided to us, in a commonly used and machine-readable format, provided that processing is based on your consent or is necessary for the performance of the contract and the processing is carried out by automated means. Depending on the individual case, your Personal Data may be transferred to you or directly to another Controller.
VII) Right to lodge a Complaint
You have the right to lodge a complaint with a competent supervisory authority about the way we handle or process your Personal Data. Alternatively you may inform us under email@example.com.
VIII) Right to withdraw Consent
If you have given your consent to the processing of your personal data for a specific purpose, you can at any time freely withdraw your consent. The withdrawal of your consent has no effect on the legitimacy of the processing of your data carried out before the withdrawal. If you revoke your consent, we may no longer process your personal data for the corresponding purposes.
IX) Right to Object
If we process your Personal Data due to our legitimate interests, you can at any time object to the processing. Your objection should indicate the reasons why we should not process your Personal Data. If your objection is justified, we will cease the processing of your Personal Data.
You may also object to the processing for direct marketing purposes.
7) Updates and Definitions
- Automated Individual Decision Making: Decisions based solely on automated means and which result in negative legal effects or other similar negative effects of the Data Subject.
- Controller: The responsible entity out of the Bühler Group, deciding whether a particular processing should take place, for what purpose and which principles are applicable.
- Cookie: Small text files that are temporarily or permanently stored on your device when visiting our website in order to the functionality of the website or record the preferences of the users.
- Data Subject: Any natural person, whose Personal Data might be processed.
- EEA: The European Economic Area describes a region associated with the EU and includes Norway, Iceland and Liechtenstein.
- GDPR: EU General Data Protection Regulation 2016/679.
- Online Services: These services include your visit of our website, if you open an account with us or if you install, use an app provided by us or subscribe to an electronic newsletter.
- Personal Data: Information by which a particular natural person can be identified or is identifiable.
- Processing: Any operation or set of operation which is performed on Personal Data such as collecting, storing, restraining, organizing, administering, adapting, retrieving, consulting, using, applying, disclosing, combining, restricting, deleting, destructing or transferring.
- Processor: A third party who performs certain business operations on our behalf, such as IT services, consulting services, haulage and logistic services, administration services.
- Sensitive Personal Data: Personal Data that is seen by the legislator as particularly critical and therefore specially protected. This includes Personal Data revealing race or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetics biometric or health data, data on sex life, sexual orientation or criminal convictions and crimes.
- Third Countries: Countries outside the European Union / EEA, where the data protection level is not considered appropriate by the EU Commission.