PRIVACY NOTICE
Data protection notice according to GDPR
On 25.05.2018, the European General Data Protection Regulation ("GDPR") came into force. We have also updated our Privacy Policy. We comply with our duty to provide information in accordance with articles 13 and 14 ("GDPR") with the following data protection regulations. Here you will find all information regarding the handling of your data and your personal data protection rights.
This Privacy Policy ("Policy") sets out how the Daiwa Germany GmbH ("we", "us" and "our") will process as a data controller the personal data of our customers and business partners and their employees ("you" and "your") and the measures and processes we have put in place to ensure its adequate protection. Providing such information is one of the requirements of the General Data Protection Regulation 2016/679 ("GDPR").
This Policy does not form any contractual relationship between you and us, and we may amend it from time to time.
1. Controller and data protection officer
- Contact details of the controller
Daiwa Germany GmbH
Georg-Brauchle-Ring 23-25
80992 Munich
Germany - Contact details of the data protection officer
Daiwa Germany DSB:
Masahiko Kimura
Email: DPO@daiwa.de
2. Lawful processing
We will only process your personal data:
- where you have given your consent (you may withdraw your consent at any time, by making a request using the contact details set out below) (Article 6 (1) (a) GDPR);
- where the processing is necessary to provide our products or services to you/your employer (Article 6 (1) (b) GDPR);
- where the processing is necessary to respond to a request from you/your employer (Article 6 (1) (b) GDPR;
- where the processing is necessary to maintain our relationship with you/your employer (Article 6 (1) (b) GDPR);
- where the processing is necessary for compliance with our legal and regulatory obligations (Article 6 (1) (c) GDPR);
- where the processing is necessary to protect legitimate interests of us or a third party and the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest (Article 6 (1) (f) GDPR).
3. What personal data we collect about you
3.1 We process the following types of personal data about you:
- your name, email address and other contact details, and date of birth;
- information about our products you/your employer hold;
- your role, position and/or job title within your employment;
- details of your preferences for types of marketing events or materials;
- details of your access to our premises, systems, websites; and
- your messages, feedback or contributions to surveys and questionnaires.
3.2 It may be mandatory for you to provide us with your personal data, to enable us to manage our business and operations, to maintain our relationship with you/your employer, to provide our products or services to you/your employer or to comply with our legal and regulatory obligations. If you fail to provide your personal data, we might be unable to maintain our relationship with you/your employer or to provide our products or services to you/your employer.
3.3 We make every effort to maintain the accuracy and completeness of your personal data which we store and to ensure all of your personal data is up to date. However, you can assist us with this considerably by promptly contacting us if there are any changes to your personal data or if you become aware that we have inaccurate personal data relating to you. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.
4. How we collect personal data
We usually collect your personal data from the information you/your employer submits during the course of your/your employer's relationship with us. This will typically be through [you/your employer sending us emails and other correspondence, business cards, the forms and documents used when you/your employer signs up to our marketing or market data news lists, when you are named as an authorised person to trade on behalf of your employer, the sign up information you/your employer uses to access any of our products or services either on your own behalf or on behalf of your employer.]
We may also collect your personal data from other sources such as our group companies, our dealers or retail partners, magazine publishers, PR firms, fraud prevention agencies, credit reference agencies, the records of governmental agencies and social media.
5. How we use personal data
We will process your personal data in connection with the management of our relationship with you/your employer and the provision of our products and services to you/your employer for the following purposes:
- to provide you/your employer with requested products or services;
- to respond to your/your employer's messages or posts to us;
- to manage our product guarantees for registered products;
- to provide you/your employer with promotional and marketing materials about our products and services that we think you/your employer may be interested;
- to manage, develop and improve our product range, services, stores, information technology systems and websites;
- for monitoring and assessing compliance with law and our policies and standards;
- to comply with our legal and regulatory obligations and requests anywhere in the world, including reporting to and/or being audited by national and international regulatory bodies;
- to carry out money laundering, financial and credit checks and for fraud and crime prevention and detection purposes;
- for administrative purposes in relation to the security of and access to our systems, premises, platforms and websites and applications;
- to comply with court orders and exercise and/or defend our legal rights;
- for any other legitimate business purpose; and
- as otherwise permitted or required by any applicable law or regulation.
6. International transfers of personal data
Your personal data may be transferred to (including accessed in or stored in) a country or territory outside the European Economic Area ("EEA"), including to countries whose laws may not offer the same level of protection of personal data as are enjoyed within the EEA. In particular, we may share your personal data with our group companies outside of the EEA including Japan. We will ensure that any such international transfers are made subject to appropriate or suitable safeguards as required by the GDPR. You can obtain copies of the relevant safeguard documents by making a request using the contact details set out below.
7. When we may disclose your personal data
We do not and will not sell, rent out or trade your personal data. We will only disclose your personal data to the following recipients:
- to our group companies;
- to companies approved or designated by you;
- to third parties who process your personal data on our behalf (such as our systems providers including cloud providers);
- to third parties who process your personal data on their own behalf but through providing you or your employer with a service on our behalf (such as our suppliers);
- to companies providing services for money laundering checks, credit risk reduction and other fraud and crime prevention purposes and companies providing similar services, including financial institutions, credit reference agencies and regulatory bodies with whom such information is shared;
- to any third party to whom we assign or novate any of our rights or obligations;
- to any prospective buyer in the event we sell any part of our business or assets; and
- to any government, regulatory agency, enforcement or exchange body or court where we are required to do so by applicable law or regulation or at their request.
8. How we protect your personal data
We are committed to safeguarding and protecting your personal data. We take technical and organizational measures in accordance with the requirements of Article 32 GDPR and § 19 TTDSG to protect the personal data of the user. All employees involved in the processing of personal data are bound to data secrecy.
9. Your rights in relation to the personal data we collect
9.1 Under the GDPR you have the right:
- to request information about your personal data processed by us in accordance with Article 15 GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing, or objection, the existence of a right of appeal, the origin of your data, if it was not collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about their details;
- in accordance with Article 16 GDPR to demand the correction of incorrect or completion of your personal data stored by us without delay;
- in accordance with Article 17 GDPR, to request the deletion of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the assertion, exercise or defense of legal claims is necessary;
- pursuant to Article 18 GDPR to restrict the processing of your personal data, insofar as the correctness of the data is disputed by you, the processing is disputed, the processing is unlawful, but you object to its erasure and we no longer need the data, but you need it to assert, exercise or defense of legal claims or you object in accordance with Article 21 GDPR objected to the processing;
- in accordance with Article 20 GDPR your personal data that you have provided to us in a structured, common and machine-readable format, or to have it or to request the transfer to another controller;
- in accordance with Article 7 (3) GDPR, to revoke your consent, once given, to us at any time. As a result, we will no longer process the data based on this consent for the future. consent may no longer be continued in the future; and
- pursuant to Article 77 GDPR to complain to a supervisory authority. You can also contact the supervisory authority of your usual place of residence or workplace or the supervisory authority of our place of work or our company headquarters.
- pursuant to Article 21 GDPR to object to the processing of your personal data, insofar as there are grounds for doing so which arise from your particular situation or if the objection is directed against direct advertising. is directed. In the latter case, you have a general right of objection, which is implemented without implemented by us without specifying a particular situation. You have the possibility to object by telephone, by e-mail, by fax or to our postal address listed at the beginning of this data privacy notice.
9.2 In any of the situations listed above, we may request that you prove your identity by providing us with a copy of a valid means of identification in order for us to comply with our security obligations and to prevent unauthorised disclosure of data.
10. How long we will hold your personal data for
We process and store the personal data for the duration of the business relationship existing between the customer and us. This also includes the initiation of an agreement (pre-contractual legal relationship) and the processing of an agreement.
In addition, we process and store the personal data insofar as this is necessary due to legal obligations to retain and document data. Such obligations arise, among others, from the German Commercial Code (HGB) and the German Fiscal Code (AO). Furthermore, other statutory provisions may require a longer retention period, such as the preservation of evidence within the scope of statutory limitation provisions.
If the data are no longer required for the fulfillment of contractual or legal obligations and rights, they are regularly deleted, unless their further processing is necessary for the fulfillment of purposes justified by an overriding legitimate interest by us within the meaning of Article 6(1) (f) GDPR. An overriding legitimate interest exists, for example, if deletion is not possible or only possible with disproportionate effort due to the special nature of the storage and processing for other purposes is precluded by appropriate technical and organizational measures.
11. Direct Marketing
If you tell us that you do not wish we or any of our group companies to provide you with information about our products and services and other marketing materials, we will not contact you further for the purpose of direct marketing. You can contact us using the contact details set out below.
12. Cookies and Third-Party-Tools
A "cookie" is a small text file that is stored on a user's hard drive or mobile device. Cookies are generated by web servers when the user enters an internet page, and are passed to the user's computer or mobile device and stored for subsequent future access. They perform a number of functions associated with browsing websites and are used for a variety of different purposes, such as tracing users from page to page on an internet site. This can enhance a user's experience on a website, enabling the site to be personalised according to e.g. a user's preferences and browsing activities.
We only use cookies in certain areas of this website and the purposes for which they are used are detailed below. You are not obliged to accept a cookie and you can modify your browser so that it will not accept cookies. However, if you do so this may affect your browsing experience and certain functions within the website may not work.
This website uses the following cookies:
12.1 First party cookies
Consent Cookie
Name: “websettings”
Purpose: Store the consent settings for the user
Storage duration: 1 month
PHP Session Cookie
Name: “DCS”
Purpose: Authentication of the user to the server for the php session (e.g., to login)
Storage duration: Session
12.2 Third-Party-Cookies/Third-Party-Tools
Google Analytics
Name: “_ga” and “_ga_[ID]”
Storage duration: 1 year
Purpose:
IIf you have given your consent, this website uses Google Analytics 4, a web analytics service provided by Google LLC. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
Google Analytics uses cookies that enable an analysis of your use of our websites. The information collected by means of the cookies about your use of this website is generally transferred to a Google server in the USA and stored there.
Google Analytics 4 has IP address anonymization enabled by default. Due to IP anonymization, your IP address will be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
During your website visit, your user behavior is recorded in the form of "events". Events can be:
- Page views
- First visit to the website
- Start of session
- Web pages visited
- Your "click path", interaction with the website
- Scrolls (whenever a user scrolls to the end of the page (90%))
- Clicks on external links
- internal search queries
- Interaction with videos
- file downloads
- seen / clicked ads
- language setting
Also recorded:
- Your approximate location (region)
- date and time of your visit
- Your IP address (in shortened form)
- technical information about your browser and the terminal devices you use (e.g. language setting, screen resolution)
- your internet service provider
- the referrer URL (via which website/ via which advertising medium you came to this website)
On behalf of us, Google will use this information for the purpose of evaluating your use of the website and compiling reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website.
Recipients of the data are/may be:
- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor under Article 28 GDPR).
- Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
- Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
For data transfers to the USA, the European Commission adopted its adequacy decision (Article 45 GDPR) on July 10, 2023. Google LLC is certified under the EU-US Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (for example, Singapore) cannot be completely ruled out, we have also concluded the EU standard contractual clauses with Google.
The legal basis for this data processing activity is your consent pursuant to Article 6 (1) (a) GDPR and § 25 (1) TTDSG.
Please follow this link for more information on the privacy policies of the third party sites:
https://support.google.com/analytics/answer/6004245
Youtube
If you have given your consent, this website uses YouTube, a video streaming service of Google LLC. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
Upon contact with the YouTube servers, cookies from YouTube are set. In this case, the YouTube servers are also informed about which of our pages you have visited. If you are logged into your YouTube account, YouTube also allows the direct allocation of your browsing behavior to your personal profile. You can prevent this by logging out of your YouTube account. The legal basis for the processing is your consent pursuant to § 25 (1) TTDSG and Article 6 (1) (a) GDPR. Basis for the data transfer to Google Inc. is the adequacy decision according to Articles 44, 45 GDPR.
Please follow this link for more information on the privacy policies of the third party sites: https://support.google.com/analytics/answer/6004245
OpenStreetMap
Some pages on this website contain maps provided by the OpenStreetMap Foundation, 132 Maney Hill Road, Sutton Coldfield, West Midlands, B72 1JU, United Kingdom. OpenStreetMap is an open source mapping tool. The integration of the map on our website is done by means of an iframe or by retrieving the so-called tiles (map images) from the OpenStreet Map's server. As a result, your IP address is transmitted to the OpenStreetMap server. Furthermore, a session cookie is set.
The legal basis for the integration of OpenStreetMap is § 25 (1) TTDSG and Article 6 (1) (a) GDPR, as we only integrate OpenStreetMap with your given consent.
Information on data privacy and legal conditions at Openstreetmap can be found at the following links:
- https://wiki.osmfoundation.org/wiki/Privacy_Policy#Map_Data
- https://wiki.osmfoundation.org/wiki/Licence/Licence_and_Legal_FAQ
13. How we update or change this privacy notice
We may change or update parts of this notice in order to maintain our compliance with applicable law and regulation or following an update to our internal practices. We will do this by updating this privacy notice. You will not necessarily be directly notified of such a change. Therefore, please ensure that you regularly check this privacy notice so you are fully aware of any changes or updates.
14. How to lodge a complaint to the privacy authorities
You are entitled to lodge a complaint with a data protection authority if you consider that we have breached your data protection rights. Our competent data protection authority is the Bavarian State Office for Data Protection Supervision (Bayerisches Landesamt für Datenschutzaufsicht), which can be contacted at:
Bayerisches Landesamt für Datenschutzaufsicht
PO Box 1349
91504 Ansbach
Germany
Telephone: + 49 (0) 981 180093-0
Email: poststelle@lda.bayern.de
Website: https://www.lda.bayern.de/de/kontakt.html
Date Updated: 13.11.2023