Data protection information for the use of Microsoft 365-Tenant of the HÜBNER Group
We, HÜBNER GmbH & Co. KG and the companies of the HÜBNER Company Group listed below take the protection of your personal data and its confidential treatment seriously. With this privacy policy, we inform you about the processing of your personal data and about your rights as a data subject in the context of the use of Microsoft 365 applications.
Microsoft 365 is software solution from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. he contractual partner for customers in the European Economic Area is Microsoft Ireland Operations, Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.
We have concluded a data protection agreement with Microsoft in accordance with Art. 28 GDPR (DPA). In this context and within the scope of the Microsoft 365 services used by us, Microsoft is subject to our instructions and the contractual obligation to ensure an adequate level of data protection as a processor within the meaning of the GDPR. We have specified data centers in Europe as storage locations for your data. You can find more information about the protection of your data when using Microsoft 365 applications directly on the Microsoft website under Privacy Statement.
For information on the processing of personal data in other areas, please refer to the respective specific data protection notice.
1. Controller and Data Protection Officer
Together with the companies listed below
HÜBNER GmbH & Co. KG
Heinrich-Hertz-Straße 2
34123 Kassel
Germany
Tel.: +49 561 998-0
e-mail: info@hubner-group.com
is joint controller of the data processing in accordance with the data protection laws. If you have any questions or suggestions regarding data protection, please feel free to contact us. You can reach our data protection officer as follows:
Datenschutzberatung Moers GmbH
Neue Straße 22
34369 Hofgeismar
Germany
e-mail: ds.hks-hubner(@)dsb-moers.de
With regard to data processing in the context of internal administration within the HÜBNER Group and joint procedures through central systems, we and our associated companies have implemented Microsoft 365 across the board. In doing so, we and the respective companies jointly determine the purposes and means of processing. For this purpose, we have concluded an agreement on joint responsibility in accordance with Art. 26 GDPR. HÜBNER GmbH & Co. KG is available to you as a central point of contact; however, you can also contact the other companies of the group listed below at any time. Joint controller companies are:
- HÜBNER GmbH & Co. KG, Heinrich-Hertz-Straße 2, 34123 Kassel, Germany
- HÜBNER TRANSPORTATION GmbH, Wilhelmine-Reichard-Straße 4, 34123 Kassel, Germany
- HÜBNER Photonics GmbH, Wilhelmine-Reichard Straße 6, 34123 Kassel, Germany
- PolymerTechnik Ortrand GmbH, Walkteichstraße 15, 01990 Ortrand, Germany
- HEMSCHEIDT Fahrwerktechnik GmbH & Co. KG, Leichtmetallstraße 5 – 7, 42781 Haan – Gruiten, Germany
- HEMSCHEIDT Engineering GmbH & Co. KG, Gsteinacher Straße 41, 90537 Feucht, Germany
- HÜBNER-H Kft., Tünde utca 11, 4400 Nyíregyháza, Hungary
- HUBNER Manufacturing Corporation Ltd., 450 Wando Park Blvd, Mt Pleasant, SC 29464, USA
- HUBNER Component Solutions LLC, 525 Industrial Park Rd, Dunlap, TN 37327, USA
- HÜBNER Italia S. r. l., Via del Perlar, 2, 37135 Verona (VR), Italy
- HUBNER Interface Systems India Pvt. Ltd., No. 61/4, Malonagathihalli, Kasaba Hobali, Nelamangala Taluk, Bengaluru – 562 123, India
- HÜBNER Toplu Taşıma Sistemleri Teknik Çözümleri Sanayi Ve Ticcaret A.Ş, Cerkesli OSB Mahallesi IMES 8 Caddesi, IMES, OSB Sitesi A Blok No:26, 41455 Dilovasi/Kocaeli, Turkey
- Hübner UK Limited, Unit 2 Parker Centre, Derby DE21 4SZ, UK.
2. Purposes and legal basis for data processing
Below you will find an overview of the purposes and legal basis of data processing in the context of the use of Microsoft 365 applications. Our overriding purpose for using Microsoft 365 applications is to simplify internal and external communication, coordination and collaboration within HÜBNER GmbH & Co. KG and our affiliated companies.
When providing Microsoft 365, we comply with the requirements of the EU General Data Protection Regulation (GDPR), as well as the national data protection laws to which the companies of the HÜBNER Group are subject. We process personal data in particular in accordance with the following legal bases:
- Art. 6 (1)(a) GDPR for the processing of personal data with the consent of the data subject (e.g. for recordings of meetings).
- Art. 6 (1)(b) GDPR for the processing of personal data necessary for the performance of a contract with the data subject, as well as for taking appropriate steps prior to entering into a contract, e.g. in the employment relationship.
- Art. 6 (1)(c) GDPR for the processing necessary for compliance with a legal obligation to which we are subject in accordance with applicable EU law or in accordance with the applicable law of a country in which the GDPR is applicable in whole or in part.
- Art. 6 (1)(f) GDPR for the processing of personal data necessary to protect the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Legitimate interests are, in particular, our commercial interest to be able to provide our website, the security of information, the enforcement of our own legal claims and the compliance with further legislation. If, for example, in connection with the use of Microsoft 365 applications, personal data is processed that is not required for the establishment, implementation or termination of a contractual relationship, but is fundamental to the use of these services, we will process this data on the basis of our legitimate interest within the meaning of Art. 6 (1) (f) GDPR. Our legitimate interest lies in optimizing communication and cooperation with and within HÜBNER GmbH & Co. KG and its affiliated companies.
3. Recipients of personal data and transfer of data to third countries
In addition to Microsoft as a data recipient, we use service companies separately committed to confidentiality and data protection for special areas where access to personal data cannot be ruled out. These categories of recipients are: Consulting companies for the use/development or administration of Microsoft 365. Data will only be passed on to authorities if overriding legal provisions exist.
Microsoft implements an EU data boundary. If services are used that are not yet part of the EU data boundary, an adequate level of data protection is ensured by data protection instruments that meet the requirements of Art. 44 et seq. GDPR.
4. Storage period, deletion of data
The data storage results from the respective processes for which the Microsoft 365 applications are used.
For example, if your data is processed in the course of executing a contract, we are obliged to retain the tax-relevant documents for 10 years after the end of the annual financial statements and the end of the calendar year after the end of the contractual relationship. Afterwards, the data will be deleted.
Otherwise, we store personal data only if a legal permission exists and as long as the data is necessary to achieve the processing purposes. The data is then deleted.
Log files are deleted after 90 days at the latest, unless we are entitled or obliged to retain them for longer.
5. Your right to information, rectification, erasure, object and data portability
You can exercise your right to information, rectification and deletion of data at any time. Simply contact us using the methods described above. If you wish data to be deleted, but we are still legally obliged to retain it, access to your data will be restricted (blocked). The same applies in the event of an objection. You can exercise your right to data portability insofar as the technical possibilities are available to the recipient and to us. If you revoke your consent, the data will be deleted, unless other legal grounds require storage.
6. Right to lodge a complaint
You have the option at any time to lodge a complaint with a data protection supervisory authority.
7. Provision obligation
Without correct information from you, it is not possible to use Microsoft 365.
8. Profiling
We do not perform automated decision-making or profiling pursuant to Art. 22 GDPR.
Status of this data protection information: 21.07.2023