Compliance
Data Protection Information | Business Partner Compliance
We, DEUTZ AG (hereinafter referred to as DEUTZ or we), take the protection of your personal data very seriously. For this reason, we adhere strictly to the provisions of the applicable data protection laws. Below we provide answers to important questions about the processing and handling of your personal data and inform you of your rights under data protection law.
DEUTZ attaches great importance to ensuring that all official and legal requirements are met and adhered to by its employees and business partners. Among other things, the focus is on compliance with the law, fair competitive behaviour, and the non-tolerance of corruption or bribery. In this context, our business partners are also required to undergo a more extensive compliance assessment. The assessment is based on national and international requirements, e.g. anti-corruption laws, anti-money laundering laws, anti-terrorism laws, etc.
Consequently, DEUTZ has a legitimate interest in ensuring compliance with these statutory requirements. We therefore conduct due diligence reviews of our business partners at regular intervals. The personal data (master data, address and contact details) provided by our business partners in the context of these reviews is checked against global blacklists and sanction lists and screened for general negative news to ensure that no money or other financial resources are being made available for criminal or terrorist purposes.
Therefore, the provision of the data is understood to be necessary for establishing or continuing a business relationship with DEUTZ. If the required data is not provided, the business relationship cannot be established or continued.
In addition, we request (at regular intervals) various key functions and their contact persons from our business partners (You) in order to keep our master data up to date and to be able to ensure that the information we are legally obliged to provide (e.g. in connection with REACH) is correctly addressed. The designation of responsible key functions provides information about the importance of the respective topic in your company and is included in the assessment. Personal data is not mandatory for this purpose and can be anonymised (N.A.).
Access to personal data is provided only to those persons and departments within DEUTZ that need this data in order to meet our contractual and legal obligations.
DEUTZ uses a cloud-based software solution by Compliance Solutions GmbH to perform the business partner check. It has entered into an agreement on order processing.
The personal data of members of the business partner's governing bodies and its employees in key positions that is provided by the business partner will be stored for three years after the end of the business relationship.
DEUTZ has taken appropriate technical and organisational measures to sufficiently protect the data against unauthorised access as well as accidental destruction or loss.
Data subjects affected by the processing have the right to request information from DEUTZ about their personal data at any time, or to obtain the data in a structured, machine-readable format and to send this data to a different controller. They can also demand that the data be corrected or deleted and that the processing of the data be restricted. Furthermore, they have the right to object at any time, on grounds relating to their particular situation, to the processing of the data.
You can use our online form if you wish to exercise the aforementioned data subject rights. You can also use the online form to send us suggestions and requests for improvement in this context. You also have the option of lodging a complaint with a regulatory authority. However, we would be pleased if we could look into your enquiry first and find a mutually acceptable resolution.
Our data protection officer can also be contacted via the online form.
The data protection supervisory authority responsible for us is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Kavalleriestrasse 2-4, 40213 Düsseldorf, Germany.
A transfer to recipients in third countries without an adequate level of data protection will only take place if an adequate level of data protection is guaranteed (Art. 44 et seq. GDPR).
At DEUTZ, we are increasingly using the European Commission's standard contractual clauses EU-SCC 914 (available at: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj).
The following are deemed to be sufficient guarantees:
- Adequacy decisions by the European Commission
Can be found on the European Commission's website:
https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_de - EU standard contractual clauses
Can be found on the European Commission's website:- Re. commissioned processing by service providers in a third country
https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1487055654356&uri=CELEX:32010D0087 - Re. transfers to controllers in third countries
(clause set I)
https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1487055707175&uri=CELEX:32001D0497 - (clause set II)
https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1487056769872&uri=CELEX:32004D0915 - New from 22.09.2021:
https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj
- Re. commissioned processing by service providers in a third country