ZEPPELIN POWER SYSTEMS GmbH DATA PRIVACY NOTICE
The General Data Protection Regulation (GDPR) includes comprehensive obligations to provide information regarding the use of personal data (hereinafter referred to as “Data”). Over the next few pages, we would like to give you a summary of the kind of data that Zeppelin Power Systems GmbH (hereinafter referred to as “ZPS”) collects and how the data are processed. This applies to data processing in the following situations:
collection and processing of data in the context of establishing and developing business contacts (III.)
collection and processing of data in connection with the purchase of engines, spare parts or other plants (IV.)
'collection and processing of data in connection with services (V.) Handling ex-gratia, warranty and guarantee requests (VI.)
advertising use of data (VII.)
data exchange in the Zeppelin Group (VIII.)
data transfer to CAT (IX.)
At the beginning of this data protection notice, we would like to provide you with further information required by law (I.) and inform you of your rights (II.)
I. Who is responsible and how can I reach the Data Protection Officer?
The data controller as defined in the GDPR is Zeppelin Power Systems GmbH, Ruhrstr. 158, 22761 Hamburg, Germany. If you have any questions regarding data protection, please contact the Group Data Protection Officer:
85748 Garching bei München
Phone: +49 89 32 000-0
Fax: +49 89 32 000-482
The relevant supervisory authority is the Hamburgische Beauftragte für Datenschutz und Informationsfreiheit (Data Protection Authority of Hamburg for the Private Sector), Ludwig-Erhard-Str. 22, 7th floor, 20459 Hamburg, Germany. You can use the following email address for email communication with the supervisory authority: email@example.com
II. Your Rights as a Data Subject
All data subjects are entitled to the following rights to:
access (Article 15 GDPR);
rectification of inaccurate data (Article 16 GDPR);
erasure or “the right to be forgotten” (Article 17 GDPR)
restrict processing of personal data (Article 18 GDPR);
data portability (Article 20 GDPR).
You may withdraw your consent to having your personal data processed for marketing purposes, including customer data analysis or transfer to third parties for marketing purposes, at any time without having to give justification. The data subject also has a general right to object (Article 21(1) GDPR). In this case, you must justify your objection to the processing of your data.
If the legal basis for processing the data is consent, then this can be revoked at any time and the revocation shall be effective for future processing.
To exercise any of these data subject rights, please send an e-mail to firstname.lastname@example.org or the below-mentioned address. To exercise your right of objection regarding the processing of your personal data for the purpose of e-mail or telephone advertising, please contact email@example.com.
III. With regard to the scope of data collection and processing, intended uses and disclosure of data - here: Business contacts
For the purpose of establishing a business contact, ZPS collects and processes the personal data that we have received from you in the context of a business contact or which you provide to us, for example, through information in the context of a request, a delivery or service or another business contact. Business contact means data collection during activities, fairs, on the occasion of presentations by ZPS or other activities/events or networking meetings. We also collect generally available data, such as information resulting from a company's presence on the Internet or from other generally accessible directories (catalogues, lists of associations, etc.).
In addition to your contact details, the data collection also includes the other data you provide to us in this context (generally, in addition to the information on the business card, also other requests/enquiries or, for example, other information about the company you work for). We also collect the data that is available to us on the website of the company you work for. We process this data in order to support you and the company you work for in the course of business development in line with the objectives of ZPS.
This data is partly processed with the involvement of service providers.
If you do not reside in Germany, ZPS sends the aforementioned data to the subsidiary or sales partner of ZPS responsible for supporting trade fair customers in the respective region. In addition to this, we would like to support you in your business development Page 2 of 5 through our subsidiaries/sales partners and to establish a long-term business relationship with you.
We store the personal data of other business contacts for as long as the particular individual is of business importance to us in their role. This is checked internally every 5 years. Subsequently, data is archived if this is necessary to fulfil a statutory retention obligation, otherwise the data is deleted.
Legal basis for the processing of personal data of:
business contacts is Article 6(1)(a) GDPR if a consent is given
customers, suppliers and other service providers with regard to initiating transactions is Article 6(1)(f) GDPR (legitimate interest)
other business contacts, including transfer to subsidiaries/sales partners is Article 6(1)(f) GDPR (legitimate interest)
Our legitimate interests are the establishment and expansion (acquisition and maintenance of contacts) of business relationships. This is not possible without personal data of the business contacts, unless they fall within the definition of a legal person, or of contact persons at the business contacts.
IV. Concerning the scope of data collection, intended uses and the disclosure of data - here: Purchase of engines, spare parts or other plants
Execution of the Contract
ZPS processes the data that is provided when placing an order to fulfil the contract and, where applicable, uses a specialist service provider to do so. Data processing for the performance of a contract covers the use of data to perform the contractually agreed service, including the settlement of any possible warranty claims (possibly including the involvement of Caterpillar Inc. (CAT) in relation to the manufacturer’s warranty). If there is an application for financing, the data that is needed to provide a quote may also be shared with our financing partner (CAT Financial Services GmbH). These data are processed in accordance with point (b) of Article 6(1) GDPR.
Disclosure to external auditors and/or tax consultants as well as external lawyers
Data collected by ZPS from the purchase of engines, spare parts or other plants or use of services may also be disclosed to ZPS’s external auditors and/or tax consultants for the purposes of consultation and auditing. It is disclosed in order to fulfil legal obligations (Article 6(1)(c) GDPR).
Furthermore, ZPS collects and processes the personal data within the legal defence and law enforcement as well as defence against unwarranted claims and the legal enforcement and assertion of claims and rights. Therefore ZPS disclose the personal data also to external lawyers. It is disclosed on the basis of Article 9(2)(f); 6(1)(f) GDPR.
Data collected to perform the contract are stored by ZPS in the operational system for as long as there are warranty claims. Subsequently, data that fall under the retention obligations stipulated in Sections 146 et seq. of the German Fiscal Code (Abgabenordnung) and Section 257 of the German Commercial Code (Handelsgesetzbuch) shall be archived and then erased when these obligatory retention periods expire. All other data shall be deleted directly, unless other intended uses for the data are specified in this notice. Data is processed with regard to warranty claims on the basis of Article 6(1)(c) GDPR (performance of contract) and for the fulfilment of legal obligations (Article 6(1)(c) GDPR).
For the purpose of fighting terrorism, in particular the EU Regulations (EC) 2580/2001 and (EC) 881/2002 demand that none of our clients be affiliated with terror suspects as registered on the centrally managed lists (terrorist lists). For this reason, it is necessary that we regularly perform a data comparison of our customer data bank with the terrorist lists. The legal basis for this is both Article 6(1)(c) GDPR (fulfilment of legal obligations) and Article 6(1)(f) GDPR (legitimate interest), only if and to the extent there is no legal obligation. Our legitimate interest is in minimizing risk and avoiding (partly financial penalties for) infringement of the law.
Address Verification and Creditworthiness
For verification of address and creditworthiness, ZPS retrieves your personal/your company’s address and credit information which are saved by credit agencies in data banks. This includes data that are calculated using mathematical and statistical processes (scoring). This occurs if ZPS assumes economic risk when the contract is concluded and wishes to establish safeguards by carrying out credit checks. This information helps ZPS to calculate the extent to which ZPS is able to grant credit. Location information may also be used for private individuals in order to determine the credit limit.
The following credit agencies provide ZPS with addresses and credit information:
Creditreform München Ganzmüller, Groher & Kollegen KG, Machtlfinger Str. 13, 81379 München, Germany
CRIF Bürgel GmbH, Radlkoferstr. 2, 81373 München
The data mentioned here is processed on the basis of Article 6(1)(f) GDPR. Our legitimate interest is in minimizing risks of default to give you an attractive debt financing.
In addition, ZPS uses the data collected in the context of the previous business relationship, in particular order data and payment behaviour data, to calculate a ZPS internal purchasing limit that is granted to you in the event of a purchase on account or by bank transfer. Page 3 of 5 Creditworthiness data as well as calculations on the risk of default that have been supplied by the aforementioned information companies as part of the previous business relationship are included in the calculation of the purchasing limit.The determined purchasing limit shall be updated with each order. The data mentioned here is processed on the basis of Article 6(1)(f) GDPR. Our legitimate interest is to calculate the risk of default in order to be able to offer you an attractive purchasing limit.
Unpaid, undisputed claims are forwarded to Creditsafe Deutschland GmbH, Schreiberhauerstr. 30, 10317 Berlin or CRIF Bürgel GmbH, Radlkoferstr. 2, 81373 München, together with your name and address, four weeks after receipt of the first written reminders. The transfer of data takes place on the basis of Article 6(1)(f) GDPR (legitimate interest) to the extent that this is necessary to safeguard our legitimate interests or those of third parties and does not outweigh the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data. The legitimate interest is the alert function for third parties. The purpose of this is to enable future creditors to be warned of financial disadvantages in the event of a business transaction with the data subject. Further information on Creditsafe Deutschland GmbH or CRIF Bürgel GmbH's activities can be found online at www.creditsafe.com/de/de/rechtliches/datenschutz and www.crifbuergel.de/de/datenschutz.
All creditworthiness data will be deleted 5 years after your last order or use of services. An automated individual decision pursuant to Article 22 GDPR is not taken in any of the aforementioned data processing operations.
V. The scope of data collection, intended uses and disclosure of data - here: Services
Performance of service
The following data protection provision contains information about the processing of personal data by ZPS that we receive in connection with the performance of services, especially, if you have concluded a service contract. The respective manufacturer of the engines, spare parts or other plants provides us with special service systems and applications in which besides technical information other personal data might be collected and processed. These include, among other things, systems with technical information whose queries involve processing your serial number, Vehicle Identification Number (VIN) or Fahrzeugidentifikationsnummer (FIN) or further identification numbers of the spare parts or other plants (e.g., for the electronic parts catalogue, repair manuals, digital workshop order management applications). Personal data is also processed through diagnostic solutions for engines, spare parts or other plants troubleshooting as well as other after-sales applications, which are explained in more detail below. In order to carry out maintenance/services, we collect the necessary data on the engines history as well as other usage data of the engines, spare parts or other plants (site data, operating values, fuel consumption, error messages, alarm messages, diagnostic codes). In addition, the so-called fault codes and fault environment data (e.g., when a specific fault occurred) are often read from the engines, spare parts or other plants as part of the repair work. These reports allow us to assess where to look for the source of a fault, how it can be rectified and whether structural parts and other components can be installed in the engines, spare parts or other plants or not. The data processed for this purpose is the serial number as well as data on the previous maintenance/services as well as the above-mentioned fault codes and fault environment data related to the corresponding engines, spare parts or other plants. We can also evaluate this data to ensure optimal maintenance condition of the engines, spare parts or other plants and carry out statistical analyses, so that we can advise you on the improved use of the engines, spare parts or other plants and inform you about customized offers for the Zeppelin Group's products and services, as well as carry out the development of new or improved products and services. The legal basis for the described processing of the data is Article 6(1)(b) GDPR (performance of contract) or Article 6(1)(f) GDPR (legitimate interests), since processing is regularly required to fulfil the service or repair order and to safeguard our legitimate interests in order to obtain the most accurate recommendations in the context of the diagnosis and to keep you informed of current developments in our products and services based on your individual needs in the future, and thus to establish a long-term business relationship.
Data on the performance of maintenance/services is used for invoicing and in some cases is subject to legal retention of up to 10 years, so that this data is only deleted once the statutory retention obligation has expired. The subsequent storage and use of the data for future diagnostic requests is based on the legitimate interest in order to obtain the most accurate recommendations in the context of the diagnosis, and thus to improve the quality of the repair and recommend new products and services (Article 6(1)(f) GDPR). This data may also be disclosed to the external auditors and/or tax consultants of ZPS for their advisory and audit purposes. Data collected to perform the contract is stored by ZPS in the operational system for as long as the warranty claims exist.
VI. Handling ex-gratia, warranty and guarantee requests
We collect data for the purpose of checking, approving and processing ex-gratia, warranty and guarantee requests. This data is further processed internally by ZPS as part of the processing of customer service requests. Caterpillar Inc. (CAT), or the respective manufacturer of your engines, spare parts or other plants is the recipient of ex-gratia requests, warranty claims and guarantee claims. Therefore, corresponding Page 4 of 5 data is transmitted to CAT or the respective manufacturer in order to enable the processing of exgratia requests, warranty and guarantee cases and fulfilment of the corresponding claims. After the exgratia, warranty or guarantee case is closed, the corresponding data is deleted. This data is processed on the legal basis of Article 6(1)(b) GDPR (performance of contract).
In some instances, data on the processing of ex-gratia requests, warranty and guarantee cases is subject to a statutory retention period of up to 10 years, so that this data is only deleted once the statutory retention period has expired. The subsequent storage and utilisation of the data for future service, warranty or guarantee requests is based on the legitimate interest to obtain the most accurate recommendations within the context of the diagnosis and thus, improve the quality of the repair (Article 6(1)(f) GDPR).
Collection of telematics data
If also a "Telematic System" from ZPS or Caterpillar Inc. is integrated, the corresponding data for the respective engines, spare parts or other plants will be collected and where contractually agreed displayed on a dashboard, accessible to you. Further information on this can be found in the data privacy notice on telematics data of ZPS.
VII. Advertising use of data by Zeppelin Power Systems GmbH
ZPS and the corresponding contracted service providers (lettershops, etc.) use the name and address for further information about products and services from the Zeppelin Group. In addition, the address is sent for advertising use to Caterpillar Inc. (CAT) in the USA.
Marketing by telephone, post and e-mail by Zeppelin Power Systems GmbH
ZPS wants to provide the best possible support to its customers in their business development. Therefore, we process the data collected in the context of the business relationship (contact details, purchased products, ordered services, etc.) also for the purpose of recommending suitable products for the further development of your company. In addition, we and any appropriately commissioned service providers process this data for marketing purposes, including associated profiling. Additional data can be consulted for this data processing to safeguard our legitimate interests (Article 6(1)(f) GDPR). These concerns, for example, further processing of usage data for individual engines, which occurs when the Telematics System of ZPS or Caterpillar Inc. is activated.
ZPS also uses your phone number for advertising purposes provided that you have given your consent for it or there is evidence of implied consent, e.g., as part of an existing business relationship. In addition, to promote its similar products, ZPS uses e-mail address collected when the contract is concluded. The right to object to advertising is indicated in the case of data collection and in the case of every advertising approach. Your e-mail address will only be used for other purposes than similar offers, if you have given your consent.
To achieve the advertising objectives, the data shall be used over a period of five years from the time the last order was placed or service was used. The data shall be erased after this five-year period expires, unless there is a consent for its extended use and/or specific data are subject to statutory retention periods. In the latter case, the data shall be erased when the statutory retention period expires.
Data are processed for advertising purposes in order to safeguard our legitimate interest (Article 6(1)(f) GDPR), which consists of keeping you informed in the future about current developments in our products and services and thus, establishing a long-lasting business relationship, unless you have expressly agreed to a particular form of advertising approach. In these cases, the data will be processed on the basis of your consent (Article 6(1)(a) GDPR).
Queries regarding the purposes of telephone market research carried out by Zeppelin Power Systems GmbH
ZPS conducts telephone surveys for market research purposes. We intend to gain insights from the telephone surveys that will help us identify how to improve our products and services. We conduct surveys of this type if you have given us separate consent for us to do so, or there is evidence of implied consent. As part of the telephone survey, we shall ask for your consent to further use of this data, including sharing survey results with Caterpillar Inc. (CAT) in the USA. If you withdraw your consent, the data will be erased. The telephone calls are carried out based on consent or in accordance with Section 7(2)(2), subclause 2 of the German Act Against Unfair Competition (Gesetz gegen den unlauteren Wettbewerb, (UWG)). Results of the survey are processed on the basis of consent.
VIII. Sharing Data within the Zeppelin Group
ZPS shares the master data (company name, contact person, address and contact details such as telephone number and email address) with other Zeppelin Group companies so that the data can be managed and used consistently across the Group companies. This also includes sharing updates to this data, of which we or another Group company become aware. These updates shall also be made available to other Group companies. This helps simplify our processes and means you do not need to resubmit master data when contacting a different Group company. This data processing takes place on the legal basis of Article 6(1)(a) GDPR (consent).
As we manage the overall risk of controlling and evaluating the financial obligations entered into across the Group, we provide the other companies belonging to the Group with a key indicator to enable us to Page 5 of 5 determine the amount of our customers' respective receivables. The legal basis is our legitimate interest in uniform risk management with regard to the financial burdens to which the Group is exposed (Article 6(1)(f) GDPR).
A summary of the Group companies is available at www.zeppelin.com. These data shall be erased five years after you last placed an order or used services, unless specific data are still subject to obligations for continued retention in accordance with Sections 146 et seqq. of the German Fiscal Code and/or Section 257 of the German Commercial Code. In this case, the data shall be deleted when the obligatory retention periods expire. These data are processed in accordance with point (f) of Article 6(1) GDPR.
IX. Transfer of Data to Caterpillar Inc. (CAT)
ZPS transfers customer master data (company name, contact person, address) and details relating to purchased products (for example serial numbers of engines or parts) and/or used services, as well as to pseudonymized (that is, without a name reference) results of the telephone surveys (telephone interviews), to Caterpillar Inc. (CAT) in the USA. The data is processed there for any necessary recall actions or for own advertising purposes and to improve CAT's own products and services. Thus, we would like to give you an opportunity to obtain the best possible repair and maintenance service to ensure an optimal maintenance condition of your product and to be directly informed about the current news from CAT and/or be directly contacted regarding product safety in the event of a product recall. You may withdraw your consent to having your data disclosed to CAT in the USA for advertising purposes at any time by emailing firstname.lastname@example.org. Data processing in connection with results from telephone interviews is carried out on the basis of consent (Article 6(1)(a) GDPR) or with regard to the transfer of master data and service data on the basis of safeguarding the legitimate interests of ZPS and CAT (Article 6(1)(f) GDPR), such as the fulfilment of settlement and product registration purposes and the optimisation of products and services.
If you have expressly consented to this, ZPS shall forward your telephone number and/or e-mail address to Caterpillar Inc. (CAT) in the USA for advertising and/or telephone interview for market research purposes. The data is transmitted on the basis of Article 6(1)(a) GDPR.
To ensure that the level of data protection in the USA is adequate, ZPS and CAT have agreed to the standard EU contract clauses. You can obtain a copy of this Agreement from the Data Protection Officer. This data protection notice may be updated from time to time. You can find the current version of this data protection notice at zeppelin.com/de-en/powersystems/data-privacy. If there is a new intended use for data that has already been collected, we shall inform you without the need to be prompted to do so.
This data protection notice may be updated from time to time. You can find the current version of this data protection notice at https://www.zeppelin-powersystems.com/de/en/data-privacy/contracts. If there is a new intended use for data that has already been collected, we shall inform you without the need to be prompted to do so.