Privacy Statement
Introduction
Daikin Chemical Europe GmbH is a fully-owned subsidiary of the Japanese company Daikin Industries Ltd. Daikin Group produces, sells, distributes and executes marketing with regard to Sales of and technical support (Services) for DAIKIN’s fluorochemical products in Europe, Middle East and Africa, along with its European Subsidiaries: Daikin Refrigerants Frankfurt GmbH, Daikin Chemical France S.A.S., Daikin Compounding Italy S.p.A. (formerly Heroflon S.p.A.) (all together referred as “European Subsidiaries”).
Daikin Chemical Europe GmbH, together with its European Subsidiaries (hereinafter, "DCiE", "we", "us", “our”, etc.) and its mother company Daikin Industries, Ltd. (hereinafter “DIL”), is sincerely committed to the protection of Personal Data collected from Data Subjects (hereinafter “User”, “you”, “your”) offline, through e.g. paper forms, contracts, statements (hereinafter “Forms”) or online, through the website www.daikinchem.de (hereinafter "Website”) and through, for example, but not limited to, DCiE (web) applications, software and digital tools (hereinafter “Applications”).
The online service is hosted by IONOS SE Elgendorfer Str. 57 56410 Montabaur (Web Hosting Provider).
We take protection of your personal data very seriously. Therefore, we process your personal data in compliance with the applicable data protection rules, in particular the European General Data Protection Regulation (EU) 679/2016 (GDPR).
1. DATA CONTROLLERS, JOINT DATA CONTROLLERS AND PROCESSORS
Daikin Chemical Europe GmbH and its European Subsidiaries as established within the European Union are subject to the General Data Protection Regulation (EU) 679/2016 (GDPR) and to any upcoming legislation, in application of the above Regulation, entering into force in the member state in which they are established.
1.1 DATA CONTROLLERS
We inform you that any Personal Data you submit offline through Forms or online through the Website and/or the Applications is used for the purposes described below by Daikin Chemical Europe GmbH, with registered office at Am Wehrhahn 50, 40211 Düsseldorf | Handelsregister Düsseldorf HRB 28249, in its capacity of Data Controller.
Daikin Chemical Europe GmbH’s European Subsidiaries act in the capacity of Data Controllers with regard to Processing of Personal Data collected offline through Forms or online through the Website and/or Applications.
1.2 JOINT DATA CONTROLLERS
It is possible in the future that Daikin Chemical Europe GmbH, along with DIL, jointly determine, on the basis of a written agreement, purposes and means of Processing Personal Data, as Joint Data Controllers.
It is possible in the future that Daikin Chemical Europe GmbH, along with its European Subsidiaries, jointly determine, on the basis of a written agreement, purposes and means of Processing Personal Data, as Joint Data Controllers (for example, but not limited to, in any case the subsidiary is particularly involved in the Processing of Personal Data at local level for the developing of a project).
In the above cases Data Subjects whose Personal Data are to be processed by the Joint Controllers will be informed accordingly.
1.3 DATA PROCESSORS
Daikin Chemical Europe GmbH can also act as Data Processor on behalf of its European Subsidiaries for any online or offline Processing or Personal Data controlled by the European Subsidiaries.
Daikin Chemical Europe GmbH’s European Subsidiaries may act in the capacity of Data Processors on behalf and under the instructions of Daikin Chemical Europe GmbH if data processing agreements are in place.
2. Collected Personal Data
The Personal Data we collect from you strictly depends on your relationship with DCiE. Below, we describe what kind of data we collect, where it comes from, the purpose and the legal basis of the processing, its duration, and the recipients with whom the data is shared. One or several of the following specific situations may apply to you:
2.1 Processing of Personal Data when using the Services of DCiE (such as Websites)
a) Processed Data
When accessing our website or using other Services we or our web hosting provider, collect data on the basis of each access to the server (so-called server log files). Server log files may include the following information:
- the browser types and versions;
- the operating system used by the accessing system;
- the date and time of access;
- the pages of our Services that you visit;
- referrer URL (the previously visited page);
- your device’s Internet Protocol (IP) address.
When you access the Services by or through a mobile device, we may collect the following information automatically:
- the type of mobile device;
- mobile device’s unique ID;
- the IP address;
- operating system;
- the type of mobile internet browser;
- unique device identifiers and other diagnostic data.
b) The purpose of Processing and Legal basis
We use the data which we collect to provide contractual services and customer support, deliver and optimize the content of our Services correctly and to ensure the long-term viability and technical security of our systems. This purpose constitutes our legitimate interest in data processing pursuant to Art. 6 para. 1 lit. f GDPR.
We use the information regarding your location to provide and maintain our Service and to provide features of our Service. As part of our Services, we deliver products quickly based on the location of a customer. Therefore it is necessary to access location data. The legal basis for such processing is Art. 6 para. 1 lit. f GDPR.
Personal data that you voluntarily submit to DCiE, e.g. via email or a contact form, will be stored for the purpose of processing or for contacting you. The legal basis for such processing is Art. 6 para. 1 lit. f GDPR.
c) Sharing your Data
DCiE may share your Personal Data with third parties who store your data on their servers. The types of third parties with whom we share your data include:
- IT service providers: including cloud providers for data storage purposes;
- External support service providers;
- Public bodies and authorities if the appropriate legal provisions exist (e.g. tax authorities and customs authorities) on the basis of Art. 6 para 1 lit. c GDPR.
d) Duration of storage
We store your Personal Data strictly as long as it is necessary to achieve the purpose of processing. If we use your personal data on the basis of a legitimate interest, we shall store it at most as long as your interest in deletion or anonymization or other fundamental data privacy rights do not prevail. In addition, data may be stored if this has been provided for by the European Union or a national legislator in regulations, laws or other provisions to which the responsible body is subject. The duration of the data storage depends on the statutory storage obligations and in general is 10 years.
2.2 Cookies
Cookies are text files which are stored on a computer system via an internet browser. Cookies are primarily used to store information about a user during or after his visit within a Service. The information stored may include, for example, the language settings on a website, the login status, or other.
The term "cookies" hereinafter also includes other technologies that fulfil the same functions as cookies (e.g. if user information is stored using online identifiers, also referred to as "user IDs"). Cookies not set by DCiE will not be accessible to us.
a) We distinguish the following types and functions of cookies:
- Temporary cookies (session cookies): Temporary cookies are deleted at the latest after a user has left an online service and closed his browser.
- Permanent cookies: Permanent cookies remain stored even after closing the browser. For example, the login status can be saved or preferred content can be displayed directly when the user visits the website again. The interests of users who are used for range measurement or marketing purposes can also be stored in such a cookie.
- First-Party-Cookies: First-Party-Cookies are set by DCiE.
- Third party cookies: Third party cookies are mainly used by advertisers (so-called third parties) to process user information.
- Necessary (also: essential) cookies: Cookies can be necessary for the operation of a website (e.g. to save logins or other user inputs or for security reasons).
- Statistics, marketing and personalization cookies: Cookies are also generally used to measure a website's reach and when a user's interests or behavior (e.g. viewing certain content, using functions, etc.) are stored on individual websites in a user profile. Such profiles are used, for example, to display content to users that corresponds to their potential interests. This procedure is also referred to as "tracking", i.e. tracking the potential interests of users.
b) Legal basis for the usage of cookies
The legal basis on which we process your Personal Data with the help of cookies depends on whether we ask you for your consent. If this applies and you consent to the use of cookies, the legal basis for processing your data is your declared consent according to Art. 6 para. 1 lit. a GDPR.
Otherwise, the data processed with the help of cookies will be processed on the basis of our legitimate interests according to Art. 6 para. 1 lit. f GDPR or, if the use of cookies is necessary to fulfill our contractual obligations according to Art. 6 para. 1 lit. b GDPR.
c) Duration of storage
Unless we provide you with explicit information on the retention period of permanent cookies (e.g. within the scope of a so-called cookie opt-in), the retention period is as long as it is necessary to achieve the purpose of the processing.
d) General information on withdrawal of consent and objection (Opt-Out)
Respective of whether processing is based on consent or another legal basis, you have the option at any time to object to the processing of your data using cookie technologies or to revoke consent (collectively referred to as "opt-out"). You can initially explain your objection using the settings of your browser, e.g. by deactivating the use of cookies (which may also restrict the functionality of our Services).
e) Processing Cookie Data on the Basis of Consent
We use a cookie management solution in which users' consent to the use of cookies, or the procedures and providers mentioned in the cookie management solution, can be obtained, managed and revoked by the users. The declaration of consent is stored so that it does not have to be retrieved again and the consent can be proven in accordance with the legal obligation. Storage can take place server-sided and/or in a cookie (so-called opt-out cookie or with the aid of comparable technologies) in order to be able to assign the consent to a user and/or user’s device.
2.3 Processing of Data in the process of recruiting
a) Processed Data
Personal Data that you provide us with during the application process. This may include the following data: Personal details (name, address, contact details, date and place of birth and nationality), application documents (letter of application, curriculum vitae, references, certificates, etc.).
As part of the application process, you will have to provide us with Personal Data that enables DCiE to assess the possibility of entering into a working relationship with you or which we are legally obliged to collect. Without such data we will generally not be able to conclude a contract with you or process your application.
b) Purpose of processing and legal basis
Conducting the application process. The legal basis for is Art. 6 para. 1 lit. b GDPR. We may store your application data for some time to defend ourselves against legal claims. The legal basis for this is our legitimate interest (Art. 6 para. 1 lit. f GDPR). If you consent (Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR) we may store your information in our applicant pool. You may still benefit from the rights of the Data Subject.
c) Sharing the Data
We may share your data with third parties who store your data on their servers or devices. The types of third parties with whom we share your data are:
- External service providers or other contractors (e.g. for data processing and hosting, for processing your application, recruitment agencies and recruitment software);
- Public bodies or authorities if the appropriate legal provisions exist (e.g., tax authorities and customs authorities) on the basis of Art. 6 para. 1 lit. c GDPR.
d) Storage of your Personal Data
Application data shall be deleted within a maximum of six months if the application process does not lead to an employment relationship, unless you have given consent for longer data storage in the context of the inclusion of your data in our applicant pool or if another legal basis is in place.
2.4 Managing telephone/video conferences/ screen-sharing
a) Processed Data
Personal Data provided for the use of telephone/video conference software (in particular first name, surname, e-mail address; optional: sound transmission; optional: image transmission; optional: questions when using chat functions); to the extent technically necessary, processing of data from your system to establish the connection with the provider of the conference software.
b) The purpose of processing and legal basis
Conducting telephone/video conferences/ screen-sharing; the legal basis in this case is our legitimate interest (Art. 6 para. 1 lit. f GDPR) to provide a working communication tool. Using the recorded telephone/video conferences for training and quality assurance purposes (only if prior consent has been given); the legal basis for this is Art. 6 para 1 lit. a GDPR.
c) Sharing the Data
We will share your data with third parties who store your data on their servers. The types of third parties with whom we share your data include:
- External service providers or other contractors, e.g. for data processing, video conferences and hosting.
- Other external parties, provided that the data subject was duly informed.
- Public bodies and authorities in the event of overriding legal provisions.
d) Duration of storage
Video conferences will only be recorded with the prior documented consent of the participants. We will store video conferences only as long as it is necessary to achieve the agreed purpose of processing. The technical data will be deleted if they are no longer required.
2.5 Social Media
DCiE maintains online presences within social networks and processes user data in this context in order to communicate with the active users or offer information about us.
When you visit or interact with a profile on a social media platform, Personal Data about you may be processed. Information associated with a social media profile regularly represents Personal Data. This includes messages and statements made using your profile. In addition, during your visit on a social media profile, certain information is often automatically collected, which may also represent Personal Data.
a) Processed Data
Inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
b) Purpose of processing and legal basis
Contact requests and communication, tracking (e.g. interest/behavioral profiling, use of cookies), remarketing, reach measurement (e.g. access statistics, recognition of returning visitors). The legal basis for this is Art. 6 para. 1 lit. f GDPR.
c) Sharing the Data
To represent the respective forms of processing and the possibilities of objection (opt-out), we refer to the data protection policies and information provided by the Service operators of the respective networks.
In case of requests for information and the assertion of data subject rights, we advise that these can most effectively be asserted with the providers. Only the providers have access to the data of the users and can take appropriate measures and provide information directly.
- Potential data to be processed: Contact data (e.g. e-mail, telephone numbers), Content data (e.g. text input, sound input, photographs, videos), Usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
- Potential Data subjects: Users (e.g. website visitors, users of online services).
- Potential purposes of Processing: Contact requests and communication, feedback (e.g. collecting feedback via online forms), marketing.
- Legal Basis: Legitimate Interests (Article 6 para. 1 lit. f GDPR).
Service providers we use:
- LinkedIn: Social network; Service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; Website: https://www.linkedin.com; Privacy Policy: https://www.linkedin.com/legal/privacy-policy; Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
- YouTube: Social network and video platform; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Privacy Policy: https://policies.google.com/privacy; Opt-Out: https://adssettings.google.com/authenticated.
3. Data transmission within affiliates, merger, joint venture
a) We may transfer Personal Data to other affiliates (§ 15 AktG – German Stock Corporation Act) or otherwise grant them access to this data. Insofar as this disclosure is for administrative purposes, the disclosure of the data is based on our legitimate business and economic interests or otherwise, if it is necessary to fulfill our contractual obligations or if the consent of the data subjects or otherwise a legal basis (e.g., Article 6 para. 1 lit. b GDPR) is present.
b) We only share your data with our personnel and with personnel of DCE and its European Subsidiaries, if this is necessary for the purposes described above.
c) We may also share your data if we should enter into a joint venture, buy, sell or merge with another company. In such a case, your data may be shared with the target company, our new business partners or owners or their advisors on the legal basis of e.g., Article 6 para. 1 lit. b GDPR.
4. International Data transfers
In some cases, the Personal Data collected from you may be processed outside the European Economic Area ("EEA"). These countries may not have the same level of data protection as the EEA. However, we are obliged to ensure that the Personal Data processed by us and our partners outside the EEA are protected in the same way as if they were processed within the EEA. Therefore, if your data is processed outside the EEA, there are certain safeguards in place. We ensure similar protection by ensuring that at least one of the following safeguards is in place:
- Your Personal Data will be transferred to countries whose level of data protection is considered appropriate by the European Commission according to Art. 45 GDPR;
- We use the standard contractual clauses approved by the EU;
- An exception as set out in Art. 49 GDPR;
- Other safeguards as specified in Art. 46 GDPR.
5. Security
1) We use strong technologies and policies to ensure that your Personal Data we hold is appropriately protected.
2) We take measures to protect your data from unauthorized access and unlawful processing, accidental loss, destruction and damage.
3) Unfortunately, the transmission of data over the internet is not completely secure. Although we take steps to protect your Personal Data, we cannot guarantee the security of the information you transmit to us; any transmission is at your own risk. Once we have received your information, we will apply strict procedures and security features to prevent unauthorized access.
4) Any third party involved in processing of Personal Data on behalf of DCiE guarantees to implement appropriate technical and organizational measures in such a manner that processing will meet the requirements of GDPR and ensure the protection of the rights of the data subject (Art. 28 GDPR).
5) Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, DCiE and the any involved third party acting as a data processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
a) the pseudonymization and encryption of personal data;
b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
6. Your rights
According to data protection legislation, you have a number of rights regarding the personal data we hold about you. If you wish to exercise any of these rights, please contact us at the contact details set out below.
a) The right to be informed. You have the right to be provided with clear, transparent and easily understandable information about how we use your data and what your rights are according to Art. 13 and 14 GDPR. For this reason, we provide you with the information in this Privacy Notice.
b) The right of access. You have the right to access your data (if we are acting as a processor) according to Art. 15 GDPR. This will enable you, for example, to check that we use your data in accordance with data protection law.
c) The right to rectification. You have the right to have your data corrected if it is inaccurate or incomplete according to Art. 16 GDPR. You may request that we rectify any errors in the data we hold.
d) The right to erasure. This "right to be forgotten" enables you to request the deletion or removal of certain data that we have stored about you according to Art. 17 GDPR. This right is not absolute and only applies in certain circumstances.
e) The right to restrict processing (blocking of data). You have the right to “block” or “restrict” the further use of your data according to Art. 18 GDPR. If processing is restricted, we may still store your data, but will not process it further.
f) The right to data portability. You have the right to obtain your Personal Data in an accessible and transferable format so that you can re-use it for your own purposes across different service providers according to Art. 20 GDPR. However, this is not an absolute right and there are exceptions.
g) The right to lodge a complaint. You have the right to lodge a complaint about the way we handle or process your information with a competent data protection authority according to Art. 77 GDPR.
h) The right to withdraw consent. You have the right to withdraw any consent given to us (if we rely on the consent as a legal basis for the processing of certain data) at any time with effect for the future according to Art. 7 GDPR. The legality of the processing carried out on the basis of the consent prior to the withdrawal remains unaffected.
i) The right to object to processing. You have the right to object to the processing of Personal Data concerning you based on Art. 6 para. 1 lit. e or f GDPR according to Art. 21 GDPR. This also applies to direct marketing and related profiling.
j) Specific Information on the right to object pursuant to Art. 21 para. 4 GDPR
You have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data which is based on Art. 6 para. 1 lit. e or f GDPR, including profiling based on those provisions. DCiE will no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims. Where personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
7. DATA PROTECTION OFFICER
Here follows the contact details of DCiE’s Data Protection Officer:
email address: euprivacy@daikin.co.jp;
Data Protection Officer, Osaka Umeda Twin Towers South, 1-13-1 Umeda, Kita-ku, Osaka, Japan 530-0001.
You may also reach a DCiE Data Protection Coordinator by using this email address:
datenschutz@daikinchem.de
8. PRIVACY BY DESIGN
DCiE commits before starting Processing activities using new technologies to carry out data protection impact assessments in accordance with GDPR and by undertaking appropriate actions accordingly.
9. FURTHER CHANGES TO THIS DATA PROTECTION NOTICE
DCiE regularly seeks to improve their efforts in protecting Personal Data. This Data Protection Notice can be changed or updated in light of upcoming legislations, both at international, European and national level.
DCiE will inform you of all substantive changes of this Data Protection Notice via offline or online means (for example, via the Website, during your first visit or with each substantial update of this Data Protection Notice). You can always find the most recent version of our Data Protection Notice available at https://www.daikinchem.de/datenschutz-privacy-statement
May 2024
Daikin Chemical Europe GmbH