Data Protection - Customer

Effective date: 1 May 2020

The purpose of this Customer Contact Data Protection Notice is to provide persons representing our customer companies with information of their personal data processing and protection. This Data Protection Notice provides a general description of such personal data processing. Therefore, all details provided in this Customer Contact Data Protection Notice may not apply to your case in particular. Generally, we process your basic personal data, such as your contact information, to conduct business with the company you represent.

What personal data of mine is processed?

As a rule:

  •  your essential personalization information;
  •  information of the company you represent;
  •  your contact details;

Depending on your activity:

  •  technical identifiers;
  •  consents you have given to us;
  •  behavioural data (e.g. how you have used our digital services);
  •  your payment information;

Examples of data attributes include:

For Chinese customer contacts, below personal data will be processed:

Who is responsible for processing my personal data?

Konecranes Plc (established in Finland and being the parent company of Konecranes Group) has the overall responsibility and supreme decision-making power. Konecranes Global Corporation (established in Finland) has the limited responsibility for Konecranes Group centralized IT systems/applications (incl. subcontracting) as well as international transfers of personal data outside EU/EEA

You can contact us by sending an email to data.protection(a)konecranes.com

For Chinese customer contacts, please note:

What permits the use of my personal data?

We have a lawful right to process your personal data based on our legitimate interest to conduct business with the company you represent.

For Chinese customer contacts, normally the legal basis for processing their personal data is consent. While under the relevant laws, we do not require your consent to process your personal data when:

Why is my personal data processed?

Generally, we need to process your personal data in order to enable successful direct and indirect business transactions with the company you represent - such as receipt of orders and delivery of products and services (direct) as well as development of our internal processes and systems to support these transactions (indirect).
In detail, we use your personal data for the following purposes:
1) Business development and reporting;
2) Quality management;
3)  Research and development of products and services;
4)  Production, management, maintenance and research and development of processes, IT services and infrastructure;
5) Marketing activities;
6) Sales activities;
7) Customer relationship management ("CRM");
8) Manufacturing of products;
9) Delivery of products and services
 (incl. access to Konecranes Group digital channels and records of product/service training completed by the customer contacts);
10)  Invoicing, taxation and related financial transactions; and
11)  Ensuring the integrity of Konecranes Group business environment and processes (incl. system/security monitoring for the prevention or inspection of misuse as the case may require);
12) Background studies of customers (incl. customer contacts as necessary);
13) Organizing events;
14) Ensuring personnel safety  (incl. customer contacts);  and
15) Archiving of non-active personal data in the scope of other purposes of uses and defined retention rules;

16) Fulfilling and/or defending the rights and obligations of the company;

We may use your personal data also to improve customer experience and to develop products and services by analysing your interests. Based on data collected in connection to our communications and interactions with you, we may analyse needs for further customer relationship management and/or sales related activities.
We may categorize customers and customer contact persons based on the data collected to better target our services to you. This may include targeting of marketing, satisfaction surveys and sales related communications. Categorization of customers is partly based on automated decision-making. For instance, we may categorize you automatically based on your reactions regarding our marketing messages. However, our automated decision-making does not produce legal or similarly significant effects concerning you. Our categorization occurs on a general level and we only use limited number of your personal data for categorization purposes.

For China customer contacts-

The processing purpose of your personal data are:

The processing purposes of your sensitive personal data are:

The necessity of our processing of your sensitive personal data:

The impact of our processing of your sensitive personal data on data subjects’ personal rights and interests: Misuse of the personal data by a third party, resulting in damage to data subject’s privacy and personal dignity or suffering damages to bodily or property safety in case of accidental leakage of such sensitive personal data.

The processing method of your personal data (including sensitive personal data) includes collection, storage, usage, transmission, provision, and deletion.

How do I benefit from my personal data processing?

Our use of your personal data enables and supports you for its part in fulfilling your employment duties related to business transactions between us and the company you represent.

What rights do I have?

You have always the right to:

  • Object the processing of your personal data on the grounds of our legitimate interest; and
  • Opt-out from receiving any of our direct marketing messages and materials.

At any time, you have also the right to:

  • Gain access to your personal data;
  • Verify the accuracy of your personal data;
  • At your request, have your incomplete, inaccurate or outdated personal data amended, modified or erased; and
  • Under certain circumstances, restrict the processing of your personal data;
  • Under certain circumstances, be forgotten by us; and
  • Lodge a complaint with a supervisory authority.

You can exercise these rights by sending us email to data.protection(a)konecranes.com or by filling out the form in

For Chinese customer contacts, the data subjects also have the below legal rights under China data protection laws:

What adverse effects might the processing cause to me? How are these effects mitigated?

As required by mandatory data protection laws, we have completed a thorough analysis concerning the risks potentially caused by our Customer Contact Data processing to your rights and freedoms.

As with any data processing, certain risks are possible also in ours relating mainly to

  • the level of  confidentiality of your personal data;
  • general data security matters; and 
  • your inability to access our systems and services.

However, severities of these risks have been recognized to be low and having a remote possibility only. Moreover, we mitigate these risks actively i.a.by:

  • continuously training our personnel,
  • providing and developing detailed instructions; and
  • implementing and enhancing our data security practices.

From where is my data collected and obtained?

We collect your personal data:

  • directly from you e.g. when you register to our digital services or participate in a sales meeting or have a phone call with us;
  • from your superiors or colleagues;
  • from our own employees or business partners; and
  • to a limited extent by observing your behaviour in our digital services.

Does my personal data leave from EU/EEA?

Yes, depending on the case we may transmit your personal data outside EU/EEA:

  • inside our group of companies but also to our external business partners who provide services to us.

Your personal data may be transferred to following countries for processing:

Who else processes my personal data?

We use reliable subcontractors to provide us e.g. with IT services enabling our personal data processing - these services include, without limitation, provision of different infrastructure, software and applications utilized routinely in contact data processing within global groups of companies.

 

 

Who else will receive my personal data?

As a rule, we do not disclose your data out of our effective control except if so required by the law in case a court or the police or other law enforcement agency has asked us for it.

Additionally, your data may be disclosed in a limited manner to our trusted business partners.

How is my data secured?

Your personal data is protected by technical and organizational measures against accidental and/or unlawful access, alteration, destruction or other processing including unauthorized disclosure and transfer of your personal data.

Such measures include but are not necessarily limited to proper firewall arrangements, appropriate encryption of telecommunication and messages as well as use of secure and monitored equipment and server rooms. Data security is of special concern when third parties (e.g. data processing subcontractors) providing and implementing IT systems and services are retained.

Data security requirements are duly observed in IT system access management and monitoring of access to IT systems. Personnel processing your personal data as part of their tasks is trained and properly instructed in data protection and data security matters.

How long is my personal data kept and used?

At most ten (10) years after the last business activity where you have been involved.

Additionally, as the case may require, we may have to extend your personal data retention on the grounds of establishment, exercise or defence of legal claims or execution of our internal investigations.

For China customer contacts –

Is it not possible to do business without processing my personal data?

It is not statutory to provide your personal data, but certain personal data is required to execute or enter into a business activity (such as business contract) with us.