Resonac Europe

Data Privacy Statement

B

1. General information and data controller

This data privacy statement explains the kind, extent and purpose of the processing (among others, collection, processing and usage as well as the obtaining of consents) of personal data within our online- and offline offer and of the connected websites, functions and contents (subsequently jointly designated as “online offer“ or “website”) pursuant to the General Data Protection Regulation (EU) 2016/679 (“GDPR”). The data privacy statement applies independently of the used domains, systems, platforms and devices (e.g. desktop or mobile) on which the online offer is executed. Besides, the data privacy statement also applies to all offers and contact possibilities in case of which personal data have to be stored in the online and offline area.

The offeror of the online offer and the data controller is:

Resonac Europe GmbH

Abraham-Lincoln-Strasse 44
65189 Wiesbaden
Phone.: +49 (0) 89 9399 62 0
Fax:       +49 (0) 89 9399 62 50

The term “user” or “data subject” comprises all customers and visitors of our online- and offline offer. The used terms such as e.g. “user” or “data subjects” have to be understood as gender-free.

The data privacy statement is also available digitally in German:

https://eu.resonac.com/privacy_de

B

2. Data Protection Officer:

Dentons GmbH
Thurn-und-Taxis-Platz 6
60313 Frankfurt am Main

Phone: +49 69 45 00 12 390
Mail: [graphite_gdpr(at)resonac.com]

B

3. Basic information as to data processing

We process personal data only subject to the relevant data protection regulations corresponding to the requirements of saving and avoiding data. This means that the data of the users are only processed when there exists a legal permission, especially if the data are necessary or required by law for rendering our contractual services as well as for rendering our online-services of if there is consent at hand.

We take organizational, contractual and technical safety measures corresponding to the state of the art in order to make sure that the provisions of the data protection laws are complied with and in order to protect therewith the data processed by us against accidental or intentional manipulations, loss, and destruction or against the access of unauthorized persons.

As far as there are contents, tools or other means used by third parties (subsequently jointly designated as „third-party offeror“) within the scope of this data privacy statement and as far as their named residence is abroad, it has to be assumed that a data transfer takes place into the states where the third-parties are domiciled. The transfer of data to third-party states complies with Chapter V of the GDPR.

B

4. Categories of personal data

We collect the following categories of information about you to provide our services, continually improve your user and business partner experience with us, manage and improve our business. The types of personal data we collect about you are described below.

(1)Contact Information

Depending on our business relationship, we will collect your name, mailing address, email, telephone number, payment information, profession, employment or business information, and other information necessary to perform our business relationship with your or your employer.

(2)Identification Information

Depending on our business relationship, we will collect information to verify your name, address, email, phone number, government- issued identification or age.

(3)Payment Information

Depending on our business relationship, we may have to collect your payment information, such as your payment instrument, card, or funding account used in connection with our services or business transactions, including issuer name, card type, country code, payment account number, CVV, username, and IBAN information.

(4)Information you provide when you contact us

Information you disclose when you contact us. This may include information about others if you choose to share it with us.
B

5. Purposes of the processing and legal basis

Apart from the usage expressly stated in this data privacy statement, the personal data will be processed for the following purposes on the basis of legal permissions or consents of the users:

  • The provision, execution, care, optimization and protection of our services, service and user performances (Art. 6 (1) b) or f) GDPR)
  • The warranty of an effective customer service and technical support (Art. 6 (1) b) or f) GDPR).
  • For the technical realization of our website and in order to be able to provide you our information on this website (e.g. IP-address, cookies, browser information) (Art. 6 (1) f) or a) GDPR).
  • In order to accept and process an application of yours for one of our job offers (Sec. 26 of the German Federal Data Protection Act) .
  • Fulfillment of legal obligations, for example KYC/AML requirements, data storage obligations etc. (Art. 6 (1) c) GDPR)

When contacting us (via contact form or e-mail) the information provided to us via the message will be saved and processed for the purpose of processing the request/message as well as for any follow-up questions (Art. 6 (1) b) and f) GDPR).

Personal data will be deleted, as soon as they fulfil their purpose and the deletion of such data will not infringe any applicable storage obligations or if there are no legal rights to store such personal data.

In case that we process your personal data based on our legitimate interest, such legitimate interest will particularly be:

  • to ensure that content is presented in the most effective way for you and your device on our website;
  • to prevent misuse of our website and our services as part of our efforts to keep our platform safe and secure;
  • to determine your eligibility for and to communicate with you about pre-approval for services for which you may qualify or that may be of interest to you, for example by carrying out internal credit assessments, if we conclude a contract with you directly as a natural person;
  • to carry out risk analysis, fraud prevention and risk management;
  • to improve our services and for general business development purposes, for example improving credit risk models to minimize fraud, develop new products and features and explore new business opportunities;
  • for marketing, product and customer analysis, including testing, for example to improve our product range and optimize our customer offerings;
  • to comply with applicable laws, which are not EU Member State Laws, such as anti-money laundering, bookkeeping laws, regulatory capital adequacy requirements, and rules issued by our designated banks and relevant card networks. For example, when we process personal data for know-your-customer requirements, to prevent, detect and investigate money laundering, terrorist financing and fraud. We also carry out sanction screening, report to tax authorities, police enforcement authorities, enforcement authorities, supervisory authorities where we are not compelled by EU and Member State law but where we have a good faith belief that sharing the information is necessary to comply with applicable law;
  • to conduct financial risk management obligations such as credit performance and quality, insurance risks and compliance with capital adequacy requirements under applicable law;
  • to provide you with information, news, and marketing about our services, including where we partner with others to offer similar services and given that we comply with applicable legal provisions for direct marketing;
  • for legal defense.
B

6. Transfer to third parties and categories of recipients

Being part of the global group we will have to share certain personal data with our affiliated group companies. An overview over such companies can be found here https://www.resonac.com/corporate/network/group

We transfer the data of the users to third parties only if this is necessary for the purposes of accounting (e.g. to a payment service provider) or for other purposes if these are necessary in order to fulfil our contractual obligations towards the users (e.g. notification of address to suppliers, transfer of data to distributors in cases in which we do not intend a house-to-house distribution).

Further categories of recipients can be:

  • Logistics (for the purpose of delivering our products and communications) ;
  • Cloud service providers and further IT-service providers;
  • Legal and financial advisors and service providers;
  • Debt collection agencies;
  • Governmental authorities / supervisory authorities;
  • With manufacturers, vendors, suppliers, service providers and others involved in a transaction;
  • With third parties that are independent data controllers, for example when we share personal data to credit reference agencies, acquires and other financial institutions, or security products to prevent bots from accessing our website or other facilities.

The hosting of the website is done at an external service provider in Germany. Hereby we make sure that the data processing is done in Germany solely. This is necessary for the operation of the website as well as for the establishment, the execution and the handling of the existing leasing contract and it is also possible without your consent.

In addition, a transfer is done when we are entitled or obliged to do so due to legal provisions and/or due to official or judicial directives. This might especially be the disclosure for the purposes of prosecution, averting of a danger or for the enforcement of intellectual property rights.

As far as your data are passed on to service providers in the required extent, those will only have access to your personal data as far as this is necessary for the fulfilment of their tasks.

We further reserve the transfer of customer data to our official distributors and suppliers, where this is necessary to fulfil our contractual obligations and to ensure a seamless business operation.

In general, our internal processes require a transfer of all data to and the processing of such data (including personal data) by our holding company in Japan, due to the global strategy and structure of our group (see also section 6 below). This applies in particular to our marketing activities. In this regard we specifically point out that within the EU / EEA Member States we consolidate our marketing activities with other RESONAC Group entities also located in the EU / EEA. Therefore, such Resonac entities located in the EU/EEA as well as the Resonac Holdings Corporation in Japan also receive the personal data of our business partners for marketing purposes and act as independent controllers in this regard. We inform the respective data subjects about this situation explicitly within the respective consent declarations.

We also use the following third party service providers for marketing, data management and data storage purposes:

  • Oracle Eloqua Marketing Automation for our B2B-Marketing-Campaigns. Eloqua is a tool of the Oracle Corporation (seat in Austin, Texas, USA). Further information about Oracle data protection processes can be found here: https://www.oracle.com/de/cx/marketing/automation/.

We use this tool exclusively for our B2B customers, insofar as they have consented to the processing of their contact data for marketing purposes or we have legal permission for such processing.

  • Salesforce CRM tool for our customer relationship management. The Salesforce CRM Tool is a tool of Salesforce.com, headquartered in San Fransisco, USA. Further information on data protection can be found at https://www.salesforce.com/de/company/privacy/.

We use this tool exclusively for our B2B customers, insofar as they have consented to the processing of their contact data for marketing purposes or we have legal permission for such processing.

Beyond the aforementioned circumstances, we will basically not transfer your data to third parties without your consent.

B

7. International data transfer

In the course of our business relationships, your personal data may be transferred or disclosed to third party companies as described above. These may also be located outside the EU / the EEA, i.e. in third countries.

In particular, please note that Resonac’s holding company is Resonac Holdings Corporation, which is based in Japan. For Japan, there is an adequacy decision by the European Commission with regard to the level of data protection prevailing there. In addition, Resonac has other group companies in third countries. An overview of this can be found at: https://www.resonac.com/corporate/network/oversea.html.

Any such processing outside the EU / EEA will only be carried out to fulfil contractual and business obligations and to maintain your business relationship with us, or will be based on your express consent. We will inform you about the respective details of the transfer in the relevant places below.

The European Commission certifies data protection comparable to the EEA standard for some third countries by means of so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be found here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html). However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is adequately guaranteed. This is possible via binding company regulations, standard contractual clauses of the European Commission for the protection of personal data, certificates or recognized codes of conduct. Please contact us if you would like more information on this.

B

8. Duration of storage

We store personal data as long as legal requirements require us to store them. Further, we store them in accordance with our legitimate interests (Art. 6 (1) (f) GDPR) for the respectively applicable limitation period. In rare circumstances where we process your personal data based on your consent, we store them for as long as the consent is valid or for the time period indicated in the consent information.
B

9. Newsletter

If you sign up on our website to our newsletter, the information and personal data that you have provided to us will be used to send you the subscribed newsletter by e-mail. The provision of your name is required so that we can address you personally in the newsletter and, if necessary, identify you if you wish to exercise your rights as a data subject. Subscribers can be informed by e-mail about topics relevant to the service or registration.

We require a valid e-mail address for effective registration. We use a “double opt-in” procedure to verify the e-mail. The legal basis for our actions is your expressly given consent (Art. 6 (1) (a) GDPR).

The consent to the storage of personal data can be revoked at any time with effect for the future. A corresponding link will be placed in each newsletter. In addition, you can unsubscribe by notifying us of your revocation directly via the contact details provided in this statement.

B

10. Collection of access data

We collect data on every access to the server on which this service is located (so-called server log files). The access data include the name of the called website, data, date and time of the call, transferred data amount, notification on successful call, browser type plus version, the user’s operating system, referrer URL (the site previously visited), IP-address and the requesting provider.

We use the protocol data without allocation to the person of the user or other profile creation corresponding to the legal provisions only for statistical evaluations for the purpose of operation, safety and the optimisation of our online-offer. However, we reserve the right to revise the protocol data subsequently if there is due to concrete clues the justified suspicion of an illegal usage.

To protect your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS.

B

11. Cookies, tracking tools & range measurement

Please note that all cookies and tracking tools, which require a consent (this means such cookies and tracking tools, which are not required for the operation and the functionality of the website), have to be explicitly authorized by you via our cookie-banner (consent), before they are activated. In the following we provide you with general information about the functionality of cookies and in particular about specific cookies and tracking tools, which activity you can individually control via the cookie-banner.

On our website, information is collected and stored by the use of so-called browser-cookies. Cookies are small text files that are stored on your data carrier and which store certain adjustments and data for the exchange with our system via your browser. As a rule, a cookie includes the name of the domain from which the cookie-data were sent as well as information on the age of the cookie and an alphanumeric identifier.

Cookies facilitate our systems to recognize the device of the user and to make available possible pre-settings immediately, as soon as a user accesses the platform, a cookie will be transferred to the hard disk of the computer of the respective user. Cookies help us to improve our website and to offer you a better service, even more specific to you. They facilitate us to recognize your computer resp. your (mobile) end device again when you return to our website and thereby to:

  • store information on your preferred activities on the website and thus to orient our website toward your individual interests.
  • accelerate the speed of the handling of your requests.

We work together with services of third parties which support us in making the internet offer and the website more interesting for you. Therefore, cookies by these partner companies (third party offerors) are stored on your hard disk during a visit of the website, too. These are cookies that delete themselves automatically after the preset time. This online offer may also be viewed to the exclusion of cookies.

It may happen that contents or services of third-party offerors, such as for example city maps or fonts are integrated within our online offer by other websites. The integration of contents of the third-party offerors always implies that the third-party offerors perceive the IP-address of the users because they would be unable to send the contents to the browser of the users without the IP-address. The IP-address is thus required for the display of these contents. Furthermore, the offerors of the third-party contents may place own cookies and may process the data of the users for their own purposes. Thereby, usage profiles of the users may be created from the processed data. We will deploy these contents as sparingly and data-avoiding as possible with regard to data and we will select reliable third-party offerors with regard to data security.

The subsequent display provides an overview of third-party offerors as well as of their contents, plus links to their data privacy statements containing further hints as to the processing of data and, partially already mentioned here, possibilities for objection (so called opt-out) or consent apply:

  • Maps of the service “Google Maps” of the third-party offeror Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, placed. Data privacy statement:https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.
  • We use the consent management platform Cookiebot, of Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich (Usercentrics). This enables us to obtain and manage the consent of website users for data processing. The processing is necessary for the fulfillment of a legal obligation to which we are subject (Art. 6 para. 1 p. 1 lit. c GDPR). For this purpose, the following data is processed with the help of cookies:
    Your IP address (the last three digits are set to ‘0’). Date and time of consent. Browser information URL from which the consent was sent. An anonymous, random and encrypted key Your end-user consent status, as proof of consent.
    The key and consent status are stored in the browser for 12 months using the “CookieConsent” cookie. This preserves your cookie preference for subsequent page requests. With the help of the key, their consent can be proven and tracked.
    The functionality of the website is not guaranteed without the processing. Usercentrics is a recipient of your personal data and acts as a processor for us. The processing takes place in the European Union. You can find more information about objection and removal options vis-à-vis Usercentrics at: https://www.cookiebot.com/de/privacy-policy.
    Your personal data will be deleted consecutively after 12 months or immediately after the termination of the contract between us and Usercentrics.
B

12. Rights of the data subjects and deletion of data

The applicable data protection law grants data subjects comprehensive data subject rights (rights of information and intervention) vis-à-vis the controller with regard to the processing of their personal data, which we inform about below:

Right to information pursuant to Art. 15 GDPR: In particular, data subjects have the right to obtain information about their personal data processed by us, the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom their data have been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, to object to processing, to lodge a complaint with a supervisory authority, the origin of their data if it has not been collected by us from the data subjects, the existence of automated decision-making, including profiling, and, where applicable, meaningful information about the logic involved and the scope and intended effects of such processing, as well as the right to be informed about the safeguards pursuant to Article 46 GDPR in case of onward transfer of their data to third countries;

Right to rectification pursuant to Art. 16 GDPR: Data subjects have a right to immediate rectification of incorrect data concerning them and/or completion of their incomplete data stored by us;

Right to erasure pursuant to Art. 17 GDPR: Data subjects have the right to request the deletion of their personal data if the conditions of Art. 17 (1) GDPR are met. However, this right does not exist in particular if the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;

Right to restriction of processing pursuant to Art. 18 GDPR: Data subjects have the right to request the restriction of the processing of their personal data as long as the accuracy of their data, which they dispute, is being verified; if data subjects refuse to have their data erased because of unlawful data processing and instead request the restriction of the processing of their data; if data subjects need their data to assert, exercise or defend legal claims after we no longer need this data after the purpose has been achieved; or if data subjects have lodged an objection on grounds relating to their particular situation as long as it has not yet been determined whether our legitimate grounds prevail;

Right to information pursuant to Art. 19 GDPR: If data subjects have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning the data subject have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort. Data subjects have the right to be informed about these recipients.

Right to data portability pursuant to Art. 20 GDPR: Data subjects have the right to receive their personal data that they have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller, insofar as this is technically feasible;

Right to withdraw consent given in accordance with Art. 7(3) GDPR: Data subjects have the right to revoke consent to the processing of data, once given, at any time with effect for the future. In the event of revocation, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation;

Right to lodge a complaint pursuant to Art. 77 GDPR: If data subjects consider that the processing of personal data concerning them infringes the GDPR, they have – without prejudice to any other administrative or judicial remedy – the right to lodge a complaint with a supervisory authority, in particular in the Member State of their place of residence, place of work or place of the alleged infringement.

RIGHT OF OBJECTION

INSOFAR AS WE PROCESS PERSONAL DATA IN THE CONTEXT OF A BALANCING OF INTERESTS ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, USERS HAVE THE RIGHT TO OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE AT ANY TIME FOR REASONS ARISING FROM THEIR PARTICULAR SITUATION.

IF DATA SUBJECTS EXERCISE THEIR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO CONTINUE PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE INTEREST FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS.

WHERE WE PROCESS PERSONAL DATA FOR THE PURPOSES OF DIRECT MARKETING, DATA SUBJECTS SHALL HAVE THE RIGHT TO OBJECT AT ANY TIME TO PROCESSING OF PERSONAL DATA CONCERNING THEM FOR THE PURPOSES OF SUCH MARKETING. DATA SUBJECTS MAY EXERCISE THE OBJECTION AS DESCRIBED ABOVE.

IF DATA SUBJECTS EXERCISE THEIR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.

B

13. Changes of the data privacy statement

We reserve the right to change the data privacy statement in order adjust it to changed legal situations or in case of changes of the service and the data processing. However, that only applies in view of declarations as to data processing. As far as consents of the users are required or as far as components of the data privacy statement contain regulations of the contractual relationship with the users, the changes will only be done with the consent of the users.

The users are asked to keep themselves informed regularly on the contents of the data privacy statement.

 

You can find the pdf version of the privacy policy here:

© [Resonac Europe September 2023]