Privacy Notice of Toshiba Railway Europe GmbH

Like most businesses, we hold and process a wide range of information. This Privacy Notice explains the type of information we process, why we are processing it and how that pro-cessing may affect you.

In brief, this notice explains:
  • how to contact us and our data protection officer;
  • what personal data we hold and why we process it;
  • the legal grounds which allow us to process your personal data;
  • who gets to see your personal data, how long we keep it and where it comes from;
  • how to access your personal data and other rights.

1. Data controller

Toshiba Railway Europe GmbH
Zweigniederlassung Düsseldorf
Marienstraße 8, 40212 Düsseldorf
Phone: 0049 (0)431 2200 030-0

2. Contact data of the data protection officer

TÜV Rheinland Industrie Service GmbH
Vogelsanger Weg 6, 40470 Düsseldorf
Phone: 0049 (0)211 3876 929-0

3. Categories of personal data

We may process your name, title, function and business contact information (address, email, telephone number), bank account, data regard-ing your financial standing and credibility, data from your self-statement, related to the perfor-mance of agreements entered with you and tax data.

4. Purposes of the processing and legal basis

We process data for various purposes.

One purpose is the performance of contracts with you or your employer or the negotiation of new contracts (Art. 6 (1) lit. b GDPR).

We can also process your data in order to pur-sue our or third persons’ legitimate interests (Art. 6 (1) lit. f GDPR). The interests we pursue are the following, among others:
  • the general management of our business and development of our services, systems and products;
  • fulfilment of internal policies and the re-quirements raised by other companies from the Toshiba group, insurances, for the purpose of administration and monitoring;
  • to ensure the operation and security of our IT;
  • enforcement of and defence against claims;
  • avoidance and investigation of crimes, risk management.

Insofar as you have agreed to our processing of your data, your consent serves as a basis for the respective processing activity (Art. 6 (1) lit. a GDPR). You may have provided your consent to being contacted by email or phone. You may withdraw your consent at any time.

Our business must observe various legal re-quirements (regarding technical assessments, work safety, money laundering, taxes etc.) as well as supervisory regulations and financial reporting requirements; in order to fulfil these duties, we may process personal data (Art. 6 (1) lit. c GDPR).

5. Recipients of personal data

We may share your data with
  • data processors in terms of Art. 28 GDPR, such as service providers for IT and logistics, who process your data as instructed by us;
  • official authorities and institutions as far as required by statute or official order;
  • our colleagues, consultants, agents, rep-resentatives, auditors and service provid-ers, suppliers and our customers.

6. Transfer to third countries

We may share personal data with companies belonging to the Toshiba company group, based in Japan, for instance. This sharing of data is based on a adequacy decision of the EU Commission and on our Toshiba Group Data Transfer Agreement in line with the EU Standard Contract Clauses, which ensures a data protection level comparable to that in the European Union.

7. Retention period

We will store your data as long as we need for the performance of an established contractual relationship, for the establishment of a new busi-ness relationship with you, to secure legal claims and to fulfil our duty.

Our documentation obligations, e.g. as per the Company Act, the Fiscal Code, the Money Laundering Act, require us to retain records for 5 to 10 years. Due to the statute of limitations, particularly as regards cases of product liability, make it necessary to retain data for up to 30 years.

8. Source of the personal data

We receive the data from our business relation-ship with you directly or from your employer or colleagues. As the case may be, we might also receive your personal data from third persons, such as visitors of a trade fair.

9. Rights of the data subject

You have a right to make a subject access re-quest to receive information about the personal data that we process about you. You have a right to have your personal data rectified or erased, to object to its processing or to have its processing restricted as well as the right to data portability.

You have the right to lodge a complaint with the supervisory authority:

Landesbeauftragte für Datenschutz und Informa-tionsfreiheit
Postfach 20 04 44
40102 Düsseldorf

Tel.: 0211/38424-0
Fax: 0211/38424-10