Privacy policy
Privacy Policy (14.08.2023)
With the following information we would like to inform you about the processing of your personal data by us and your rights resulting from the data protection laws and especially from the general data protection regulation (regulation (EU) 2016/679 - "GDPR").
Table of contents
1 Controller and data protection officer 2
Controller in accordance with Art. 4 VII GDPR is: 2
If you have any questions concerning data protection, you are welcome to contact our company data protection officer: 2
2 What are my rights as a data subject? 3
3 General information regarding the topic „purposes“ 5
4 General information regarding the topic „legal bases“ 5
4.1 Legal bases for the processing of personal data. 6
4.2 Legal bases for the processing of special categories of personal data. 6
5 General information regarding the topic „obligation to preserve records and time limits of erasure“ 8
6 General information regarding the topic „disclosure of personal data“ 8
7 Cookies 9
7.1 General information regarding the topic „cookies“ 9
7.2 Cookie overview.. 10
8 In the context of which processing activities are my personal data processed? 10
8.1 Processing activity – Collection and processing of personal data. 10
8.2 Processing activity – Collection and processing of communications and usage data. 11
8.2.1 Privacy Policy for using Web analytics. 11
8.2.2 Privacy Policy for using Google Analytics. 11
8.2.3 Privacy Policy for using Microsoft Clarity 12
9 Konica Minolta Global Policy. 12
1Controller and data protection officer
Controller in accordance with Art. 4 VII GDPR is:
Konica Minolta Business Solutions Europe GmbHEuropaallee 17, 30855 Langenhagen
Tel.: +49 (0)511 7404-0
Email: info@konicaminolta.eu
(See our Imprint)
If you have any questions concerning data protection, you are welcome to contact our company data protection officer:
Dr. Frederike RehkerKonica Minolta Business Solutions Europe GmbH
Europaallee 17, 30855 Langenhagen
Tel.: +49 (0)511 7404-0
Email: dataprotection@konicaminolta.eu
2What are my rights as a data subject?
As a data subject, you have the following rights:2.1 Right of access (Art. 15 GDPR): You have the right to be informed at any time of the categories of personal data processed, the purposes of processing, any recipients or categories of recipients of your personal data and the planned storage period.
2.2 Right of rectification (Art. 16 GDPR): You have the right to request the rectification or completion of personal data concerning you that is incorrect or incomplete.
2.3 Right to erasure („right to be forgotten“) (Art. 17 GDPR): You have the right to request the immediate erasure of your personal data. In particular, we are obliged as the controller to delete your data in the following cases:
- Your personal data is no longer needed for the purposes for which it was collected.
- A processing of your personal data took place solely on the basis of your consent, which you have now withdrawn, and there is no other legal basis that legitimises a processing of your personal data.
- You have objected to a processing which is based on the legitimate or public interest and we cannot prove that there are legitimate grounds for processing.
- Your personal data has been processed unlawfully.
- The erasure of your personal data is necessary in order to comply with a legal obligation to which we are subject.
- Your personal data has been collected in connection with information society services offered in accordance with Art. 8 I GDPR.
- Your personal data is used to exercise the right to freedom of expression and information.
- Your personal data serves to fulfil a legal obligation to which we are subject.
- Your personal data is used to carry out a task that is in the public interest or in the exercise of official authority that has been assigned to us.
- Your personal data serves the public interest in the field of public health.
- Your personal data are necessary for archiving purposes in the public interest, for scientific or historical research or for statistical purposes.
- Your personal data serve for us to establish, exercise or defend legal claims.
- You contest the accuracy of your personal data and we have to verify the accuracy of your personal data.
- The processing of your personal data is unlawful and instead of erasing your personal data, you request a restriction of processing.
- We no longer need your personal data for the fulfilment of the specific purposes, but you still need this personal data to establish, exercise or defend legal claims.
- You object to the processing of your personal data and it has not yet been determined whether your or our legitimate reasons override this.
The requirements for the applicability of data portability are:
- Your personal data is automatically processed based on your consent or a contract.
- Your personal data does not serve to fulfil a legal obligation to which we are subject.
- Your personal data will not be used to perform a task that is in the public interest.
- Your personal data do not serve for the performance of a task which is performed in the exercise of a official authority delegated to us.
- The exercise of your right shall not interfere with the rights and freedoms of others.
Furthermore, you may also at any time object to the processing of your personal data for the purposes of direct marketing or profiling linked to such direct marketing.
Should you object to the processing of your personal data based on a legitimate interest, we will check in each individual case whether we can show grounds worthy of protection that override your interests and rights and freedoms. In the event that there are no reasons worthy of protection on our part or your interests as well as rights and freedoms override our own, your personal data will no longer be processed. An exception is made if your personal data is still used for the establishment, exercise or defence of legal claims.
If you object to the processing of your personal data for the purposes of direct marketing or profiling, insofar as this is linked to such direct marketing, your personal data will no longer be processed for these purposes.
2.7 Right to lodge a complaint with the supervisory authority (Art. 77 GDPR): You also have the right to lodge a complaint with a supervisory authority at any time, in particular with a supervisory authority in the Member State of your residence, place of work or place of suspected infringement, if you consider that the processing of personal data concerning you is in breach of the data protection regulations.
The address of the supervisory authority responsible for our company is:
Nemzeti Adatvédelmi és Információszabadság Hatóság
ugyfelszolgalat@naih.hu
1363 Budapest, Pf.: 9.
Cím
1055 Budapest,
Falk Miksa utca 9-11
3General information regarding the topic „purposes“
As a matter of principle, the processing of your personal data by us is always linked to a specified, explicit and legitimate purpose, which has already been defined before the processing activity is commenced, in accordance with the principle of purpose limitation under Art. 5 I lit. b GDPR. In the further course of this privacy policy, when a processing activity is cited, a description of the specific purpose is also included.4General information regarding the topic „legal bases“
We process your personal data in accordance with the GDPR. Accordingly, the processing of your personal data is always founded on a legal basis. Article 6 of the GDPR defines legal bases for the processing of personal data.4.1Legal bases for the processing of personal data
ConsentIf we obtain your consent for the processing of your personal data, the processing will be carried out on the legal basis of Art. 6 I 1 lit. a GDPR. The following example serves to clarify this legal basis: You receive advertising from us by electronic mail and/or telephone and have given your prior consent.
Contract or pre-contractual measure
If the processing of your personal data is necessary for the fulfilment of a contract with you or for the implementation of pre-contractual measures taken in response to your request, the legal basis on which the processing of your personal data is based is Art. 6 I 1 lit. b GDPR.
Legal obligation
In cases where the processing of your personal data is necessary to comply with a legal obligation to which we are subject, this processing is based on Art. 6 I 1 lit. c GDPR.
Vital interest
Should the processing of your personal data be necessary to protect your vital interests or those of another person, this processing is carried out in accordance with Art. 6 I 1 lit. d GDPR.
Public interest
In cases where we process your personal data in order to perform a task which is in the public interest or in the exercise of official authority delegated to us, Art. 6 I 1 lit. e GDPR constitutes the legal basis.
Legitimate interest
If the processing of personal data is necessary to safeguard a legitimate interest of our company or a third party and at the same time the interests, basic rights and fundamental freedoms of the data subject, which require the protection of personal data, do not override our legitimate interest, Art. 6 I 1 lit. f GDPR serves as the legal basis for the processing.
4.2Legal bases for the processing of special categories of personal data
If, in extraordinary cases, we need to process special categories of personal data, such as- data on racial or ethnic origin (e.g. skin color or special languages),
- data on political opinions (e.g. party memberships),
- data on religious or philosophical beliefs (e.g. membership of a sect),
- data on trade union membership,
- genetic data,
- biometric data (e.g. fingerprints or photographs),
- health data (e.g. identification numbers for disabilities),
- or data concerning the sex life or sexual orientation
Explicit consent
If you have given us your explicit consent for the processing of the above categories of personal data, this constitutes the legal basis for the processing in accordance with Art. 9 II lit. a GDPR.
Performing duties under social security/protection and employment law
If the processing of special categories of personal data relating to you is necessary in order to comply with a legal obligation arising from social security/protection or employment law, the legal basis for this processing is Art. 9 II lit. b GDPR.
Protection of vital interests
If the processing of special categories of personal data relating to you should be necessary to protect your vital interests or those of another person, such processing is carried out pursuant to Art. 9 II lit. c GDPR.
Manifestly public data
Insofar as special categories of personal data of yours are processed, which have previously been made public by yourself, the processing of these data is based on Art. 9 II lit. e GDPR.
Establishment / Exercise / Defence of legal claims
Insofar as the processing of the special categories of personal data relating to you serves us to establish, exercise or defend legal claims, Art. 9 II lit. f GDPR constitutes the legal basis for the processing.
Substantial public interest
In the case of the processing of special categories of personal data concerning you in order to safeguard a substantial public interest arising from EU or national law, the processing is based on Art. 9 II lit. g GDPR.
Assessment of the person's work capacity or other medical purposes such as health care
If the processing of special categories of personal data relating to you arises from a law of the EU or a Member State or a contract concluded with a member of a health profession and is carried out for the purposes of preventive health care, occupational medicine, assessment of an employee's work capacity, medical diagnosis, care or treatment in the health or social field or the management of systems and services in the health or social field, this processing is based on Art. 9 II lit. h GDPR.
Public interest in the area of public health
If the processing of special categories of personal data of yours should be necessary for public health reasons, including protection against cross-border health threats such as pandemics, this processing is carried out on the legal basis of Art. 9 II lit. i GDPR.
Archival purposes, scientific / historical research purposes, statistical purposes
Should the processing of special categories of personal data relating to you arise from a right of the EU or a member state, which stipulates processing for archiving, scientific or historical research or statistical purposes in the public interest, this processing is based on Art. 9 II lit. j GDPR.
5General information regarding the topic „obligation to preserve records and time limits of erasure“
Unless otherwise stated, we delete personal data in accordance with Art. 17 GDPR or restrict its processing in accordance with Art. 18 GDPR. Apart from the retention periods stated in this privacy policy, we process and store your personal data only as long as the data are necessary for the fulfilment of our contractual and legal obligations. Personal data that are no longer required after the purpose has been fulfilled will be regularly deleted, unless further processing is required for a limited period of time, which may result from other legally permissible purposes. In order to fulfil documentation obligations as well as to comply with statutory obligations to preserve records in Germany, the necessary documents are kept for six years in accordance with § 257 I Commercial Code (HGB) and for ten years in accordance with § 147 I of the Fiscal Code of Germany (AO).6General information regarding the topic „disclosure of personal data“
Recipient of your dataWe do not sell or rent user data in principle. A transfer to third parties beyond the scope described in this privacy policy will only take place if this is necessary for the processing of the respective requested service. For this purpose, we work together with service providers in the areas of marketing, sales, IT, logistics and human resources, among others. We select these service providers extremely carefully. In other cases we transfer data to requesting governmental authorities. However, this only takes place if there is a legal obligation to do so, for example if a court order exists.
Locations of the processing of your personal data
In principle, we process your data in Germany and in other European countries (EU/EEA). If your data is processed in countries outside the European Union or the European Economic Area (i.e. in so-called third countries), this will only take place if you have expressly consented to it, if it is stipulated by law or if it is necessary for our service provision to you. If, in these exceptional cases, we process data in third countries, this will be done by ensuring that certain measures are taken (i.e. on the basis of an adequacy decision by the EU Commission or by presenting suitable guarantees in accordance with Art. 44ff. GDPR).
7Cookies
7.1General information regarding the topic „cookies“
We use cookies on our portal. Cookies are small text files that are stored on your hard drive in accordance with the browser you are using and through which certain information flows to the website that sets the cookie. Many of the cookies we use are deleted after the browser session ends (so-called session cookies). Other cookies remain on your end device and enable us to recognize your browser on your next visit (persistent cookies).Cookies are used on our website for various purposes. For a better overview, each cookie has been assigned to one of the following categories:
Technically necessary
Cookies that belong to this category are necessary to ensure the core functionality and/or security of this website.
Functionality
Cookies of this category are used to increase user comfort e.g. by storing preferences such as language settings, text size adjustments, user names or local settings.
Marketing
These cookies are used by advertisers to serve ads that are relevant to their prospects.
Performance and analysis
This type of cookie is used to help us analyze website usage in order to measure and improve performance.
In the settings of the browser you use, you have the option of rejecting the acceptance of cookies or, for example, to limit this rejection to cookies from other parties, so-called third-party cookies. However, the browser settings you have made may mean that you may not be able to use all the functions of our website to their full extent.
Here you will find further information on the administration of cookies for corresponding browsers:
8In the context of which processing activities are my personal data processed?
8.1Processing activity – Content Management System / Kentico
For our portal we use the Content-Management-System (short: CMS) called Kentico. Kentico is operated by the company Kentico software s.r.o, Nové sady 996/25, 602 00 Brno, Czech Republic. The CMS is used to present and manage websites, online stores, intranets or other corporate websites. We use Kentico xperience 12 as CMS, which is hosted on premise in the Konica Minolta Datacenter Germany. It enables us to create portal content and distribute it to the portals for our subsidiaries and partner companies via defined workflows. We have connected Kentico to our SDL translation management platform to initiate translations directly from Kentico and enable automatic distribution of these translations to our subsidiaries and partners' websites.In the course of using the CMS, we collect activity data from all visitors of our portals in an anonymous form. Once visitors to our portals identify themselves, e.g. Log-In or by filling out a contact form, this information is attached to their email address.
The portal enables customers to
- Purchase product and services
- Raise service requests
- Raise claims
- Record meter readings
- Maintain user data and adresses
- maintain product location information
- Title
- First Name
- Last Name
- Email Address
- Company Name
- Billing and Shipping Address
- Mobile Phone
- IP Address
- Purchase History
- Invoice History
- Service Calls History
As part of the technical implementation of the individual functions of the CMS, Kentico sets cookies. Further information on the subject of cookies can be found under "7. Cookies".
The legal basis for the processing of your personal data in the scope of the visitor activities collected within the scope of the use of Kentico is our legitimate interest pursuant to Art. 6 I 1 lit. f GDPR. Our legitimate interest here is to ensure the operation and security of our portals.
Further information on data protection at Kentico can be found under the following address: https://kenticocloud.com/privacy
8.2Processing activity – Webanalytics
8.2.1Usercentrics
On our portal we use the Usercentrics Consent Management Platform. This is a consent management tool based on JavaScript. With the help of this tool, we can give the visitor of our portal both an overview of the essential software solutions used and the possibility to decide on the use of any other software solutions that require prior consent. Furthermore, the platform offers the visitor the possibility to withdraw any given consent at any time without giving reasons and thus to prevent the future processing of personal data by the respective software solution. Furthermore, with the help of the platform, we can meet the requirement resulting from the GDPR for consent management, which provides, among other things, the possibility to prove that consents have been given or not.In the context of the use of the Usercentrics Consent Management Platform, the following data may be processed, among other things:
- Consent data
- Consent -ID
- Consent status (Opt-in, Opt-out)
- Consent timestamp
- Language of the consent banner
- Version of the banner template
- Device data (http Agent, http Referrer)
Deletion of your personal data in connection with the use of the Usercentrics Consent Management Platform will take place as soon as it is no longer required to fulfill the purpose. In case of withdrawal of consent, we retain the information regarding the withdrawal for three years. The retention results on the one hand from the accountability according to Art. 5 II GDPR. The period of this limitation begins according to § 199 BGB with the end of the year in which the claim arose. Thus, the statute of limitations begins at the end of December 31 of the year in which the withdrawal occurred and ends three years later on December 31 at 00:00.
8.2.2Processing activity - Google Analytics
Last GA description (also in BEU standard privacy policy):We use the Google Analytics service on our website. This is a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: Google). We use Google Analytics to analyse and regularly improve the use of our website. The statistics obtained enable us to improve our services and make them more interesting for you as a user.
Within the scope of the use of Google Analytics, cookies are set on your terminal device, which enable an analysis of your visit / your use of our website. Further information on the subject of cookies can be found under "7. Cookies".
You may refuse the use of cookies by selecting the appropriate settings in your browser, however please note that if you do this you may not be able to use the full functionality of this website. In addition, you can prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) as well as the further processing of this data by Google by downloading and installing the browser plugin available under the following link (https://tools.google.com/dlpage/gaoptout?hl=de).
On behalf of the operator of this website, Google will use the information received to evaluate your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website provider.
The data stored in the cookies about your visit and use of our website may be transmitted to Google's servers. However, due to the activated anonymisation function, your IP address is already shortened within the European Union or the European Economic Area before it is transmitted to Google. Furthermore, the IP address transmitted by your browser will not be merged with other data from Google. Due to the localisation of Google, the transfer of your personal data to Google may constitute a third country transfer. A third country transfer is a transfer of personal data to a destination in a country that is neither in the European Union nor in the European Economic Area. In such a country, insofar as the EU Commission has not classified this country as a safe third country in accordance with Art. 45 of the GDPR, there is no adequate level of data protection and the protection of your data is not guaranteed. This leads to a lack of enforceability of your data subject rights and possibly to disproportionate access to your personal data by state authorities.
The legal basis for the processing of your personal data in the context of the use of Google Analytics is your consent pursuant to Art. 6 I 1 lit. a GDPR. A potential transfer of your personal data to a third country in the context of the use of Google Analytics (third country transfer) takes place exclusively on the basis of an adequacy decision of the EU Commission for the third country, an appropriate safeguard or a condition pursuant to Art. 49 GDPR. In this case, the potential transfer of your personal data is based on your consent pursuant to Art. 49 I lit. a GDPR. Information on your right of withdrawal can be found under point 2.8 "Right of withdrawal (Art. 7 GDPR)" in this privacy policy.
On behalf of the provider of this website, Google will use the information obtained for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website provider.
For more information on Google's terms of use and data protection, please visit https://www.google.com/analytics/terms/de.html or https://www.google.com/intl/de/analytics/privacyoverview.html.
8.2.3Processing activity – Microsoft Clarity
- Microsoft Clarity
Microsoft Clarity provides website usage statistics, session recordings, and heatmaps, created mainly through the tracking of mouse movements. Microsoft Clarity will use the processed information for evaluating the use of our website, compiling reports on website activity, and providing other services related to the use of the website. Hence, we use Microsoft Clarity to analyze and regularly improve the user behavior on our website and with the help of the statistics we obtain, we can make our offer more interesting and user-friendly for you as a user.
The collection of your user data is done via cookies, which are set on your end device and enable an analysis of the visit of our website. For more information on cookies, please see "7. Cookies" in this privacy policy.
We will process the following data with Microsoft Clarity:
- Unique user ID
- Date and time of visit
- IP Address
- Location data
- Session ID
- User behavior
- Interaction data
- Mouse movements
- Clicks
- Scrolling activity
In exceptional circumstances, due to Microsoft's headquarters, your personal data may be transferred to the USA and thus be transferred to a so-called third country. A transfer to a third country is a transfer of personal data to a destination in a country that is neither in the European Union nor in the European Economic Area. Microsoft Corporation is certified under the DPF so that the GDPR standard of data protection applies to these transfers.
The legal basis for the processing of your personal data in the context of the use of Microsoft Clarity is your consent pursuant to Art. 6 I lit. a GDPR. Information on your right of withdrawal can be found under point "2.8 Right of withdrawal (Art. 7 GDPR)" in this privacy policy.