1. Email disclaimer

General Privacy Policy

This General Privacy Policy governs the processing of your personal data by Komatsu Europe International NV, a corporation existing under the laws of Belgium, with registered office at 1800 Vilvoorde, Belgium, Mechelsesteenweg 586, registered in Brussels under number RPR/CER (0)404.968.268 (together with the other Komatsu subsidiaries in the EEA referred to as : “Komatsu” or “we”) when you have a meeting with us in of our premises or another place. In this General Privacy Policy, “premise” includes, but is not limited to, our/your buildings, our/your offices, our/your sites and/or machines, etc. A “meeting” includes, but is not limited to, a visit to one of our/your premises, a training, appointment, fair or event organised by us or where we are present, etc., regardless whether the meeting takes place at our premises, your premises or at another place and regardless whether the meeting is physical or virtual.

For any questions with regard to the processing of your personal data, you can contact us via e-mail at PrivacyOffice@komatsu.eu.

1. In general

1.1 When we process personal data of yours, Komatsu will be the data controller of that processing activity. Our contact details are the following

1.2 The terms in this General Privacy Policy have to be interpreted in accordance with the terms defined in the EU General Data Protection Regulation (GDPR) (Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC).

1.3 Any reference in this General Privacy Policy to certain laws or regulations also includes any change, replacement or annulment of these laws or regulations, including any related executive decisions.

1.4 We reserve the right to from time to time modify this General Privacy Policy at our own discretion. Such modification will be communicated via an appropriate way.

2. Types of personal data we process

2.1 When we have a meeting with you, we collect the following personal data about you:

  • your contact details, such as your name, e-mail address and phone number;
  • information about the time you enter our building or have a meeting with us;
  • information about your location;
  • your license plate;
  • your signature;
  • the name and contact details of the company or organisation for which you work and your job title or function
  • information about your preferences and consumption in terms of food and drinks.

2.2 When we want to contact you after a meeting at a fair or event, we also process the following information about you:

  • information regarding your CV;
  • information about your professional competences and experience

2.3 When you participate in a training course, we also process the following data about you:

  • information about your professional competences and experience;
  • information about the training or meeting itself.

2.4 When you want us to arrange your stay in a hotel in the context of your meeting, we will also process the following information:

  • travel data, such as your flight hours, the location of the hotel, the time of the stay and type hotel.

2.5 Normally, we do not process any sensitive data about you. However, should it be relevant to process your health data within the framework of your meeting, for example because you are disabled and we have to take this into account during the meeting, for instance to make your visit to one of our premises run smoothly or if we provide food in the context of a meeting and you are allergic to something, we will ask your explicit consent before we process this data.

3. Purposes for which we process your personal data

We process your personal data:

3.1 To safeguard the security of, and access to, the premises.

3.2 For safety reasons in the context of, for example, an evacuation.

3.3 To inform persons with whom you have a meeting that you arrived.

3.4 To make it possible to contact you in response or as a follow-up to our meeting.

3.5 To manage our participants lists, for instance when you participate a training course or a visit.

3.6 To arrange your stay.

3.7 To plan and organise the meeting.

3.8 To be able to defend us in judicial or other proceedings, if necessary.

3.9 To inform a third party and its advisors in the context of a possible merger with, acquisition by/of, demerger by, or other share or asset purchase deal with that third party, also if that third party is located outside the European Union.

3.10 To comply with our legal obligations or with any request from law enforcement agents or representatives, judicial authorities, governmental agencies or bodies, including data protection authorities.

4. Legal basis for processing your personal data

4.1 Processing of your personal data for the purposes outlined in Article 3.1 of this Policy is necessary to pursue our legitimate interest, namely to safeguard security.

4.2 Processing of your personal data for the purposes outlined in Article 3.2 of this Policy is necessary to pursue our legitimate interest, namely to safeguard safety.

4.3 Processing of your personal data for the purposes outlined in Article 3.3 of this Policy is necessary to pursue our legitimate interest, namely to inform people with whom you have a meeting.

4.4 Processing of your personal data for the purposes outlined in Article 3.4 of this Policy is necessary to pursue our legitimate interest, namely to be able to contact you.

4.5 Processing of your personal data for the purposes outlined in Article 3.5 of this Policy is necessary to pursue our legitimate interest, namely to manage our participant lists.

4.6 Processing of your personal data for the purposes outlined in Article 3.6 of this Policy is necessary to pursue our legitimate interest, namely to plan and organise the meeting.

4.7 Processing of your personal data for the purposes outlined in Article 3.7 of this Policy is necessary to pursue our legitimate interest, namely to arrange your stay.

4.8 Processing of your personal data for the purposes outlined in Article 3.8 of this Policy is necessary to pursue our legitimate interest, namely to be able to defend ourselves in case of a dispute.

4.9 Processing of your personal data for the purposes outlined in Article 3.9 of this Policy is necessary to pursue our legitimate interest, namely to be able to explore or conduct normal corporate or M&A transactions.

4.10 Processing of your personal data for the purpose outlined in Article 3.10 is necessary to allow us to comply with our legal obligations.

4.11 If we process any health data of yours for one of the purposes outlined in Article 3 that include personal data as described in Article 2.5, we will ask for your consent.

5. Retention period

5.1 As a general principle, we keep your personal data no longer as to achieve the purposes described in Article 3 or up until such time where you withdraw your consent for processing the data. We would like to emphasize that we provide the necessary appropriate safeguards for the security and integrity of your personal data.

5.2 If the personal data are no longer required, we will delete these in a safe manner.

6. To whom we send your personal data

6.1 We may rely on third-party processors (such as security companies) to process your personal data on our behalf. These third-party processors are only allowed to process your personal data on our behalf and upon our explicit written instructions.

6.2 We share your personal data with other entities within our group where necessary. We ensure that all companies of our group will take due care that all processing of your personal data is in line with what is set out in this General Privacy Policy.

7. Location and transfer

7.1 We process your personal data first and foremost within the European Economic Area (EEA). However, we may also exceptionally transfer your personal data to other companies of our group or to third parties who process on our behalf that are established outside the EEA. If such transfer takes place, we will ensure that there are safeguards in place to ensure the safety and integrity of your data as well as all rights with respect to your personal data you have under applicable mandatory law.

7.2 Each such company of our group or third party established outside the EEA that processes your personal data will be bound to observe adequate safeguards in order to ensure the safety and integrity of your data. Such safeguards will be the consequence of:

  • The country of the recipient having legislation in place which is considered equivalent to the protection offered within the EEA; or
  • A contractual arrangement between us and that entity. All companies of our group are parties to a contractual agreement based on the European Commission’s Standard Contractual Articles (controller-to-controller) (Commission Decision C(2004)5721).

8. Quality assurances

8.1 We consider your personal data confidential and treat these as such.

8.2 We will take appropriate technical and organizational measures to keep your personal data safe from unauthorized access or theft as well as accidental loss, tampering or destruction. Access by our personnel or processors will occur on a need-to-know basis only and will be subject to confidentiality obligations. You acknowledge, however, that safety and security are best-efforts obligations which can never be guaranteed.

8.3 Despite strong security measures, infringements can never be completely ruled out. If a breach of security or confidentiality of your personal data occurs and this breach also poses a high risk to your rights and freedoms, we will notify you of this breach as soon as possible.

9. Your rights

9.1 You have the right to request access to all personal data pertaining to you that we process. We reserve the right to charge an administrative fee for multiple subsequent requests for access that are clearly submitted for the purpose of causing nuisance or harm to us. Each request has to specify for which processing activity you wish to exercise your right of access and which data categories you wish to gain access to.

9.2 You have the right to request that any personal data pertaining to you that are inaccurate, be corrected free of charge. If you submit a request for correction, such request has to be accompanied by proof of the flawed nature of the data for which correction is asked.

9.3 You have the right to withdraw your earlier-given consent for the processing of your personal data.

9.4 You have the right to request that personal data pertaining to you be deleted if these data are no longer required in the light of the purposes outlined in Article 3 or if you withdraw your consent for processing the data. However, we will evaluate a request for deletion against:

  • overriding interests of Komatsu, another company of our group or any other third party; or
  • any legal or regulatory obligations or administrative or judicial orders which may contradict such deletion.

Instead of deletion you can also ask that we limit the processing of your personal data if:

  • you contest the accuracy of the data;
  • the processing is illegitimate; or

· the data are no longer needed for the purposes mentioned in Article 3.

9.5 You have the right to object the processing of personal data, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

9.6 You have the right to receive from us in a structured, commonly-used and machine-readable format all personal data you have provided to us where the processing is based on your consent or the necessity of the performance of an agreement with you and if the processing is carried out by automated means.

9.7 If you wish to submit a request to exercise one or more of the rights mentioned above, you can send us a letter or an e-mail to PrivacyOffice@komatsu.eu. A request to exercise a right will not be construed as consent with the processing of your personal data beyond what is required for handling your request. Any request has to clearly state which right you wish to exercise and the reasons for it if such is required. It should also be dated and signed, and accompanied by a digitally-scanned copy of your valid identity card proving your identity.

We will promptly inform you of having received this request. If the request proves valid, we will honour it as soon as reasonably possible and at the latest thirty (30) days after having received the request.

If you have any complaint regarding our processing of your personal data, please feel free to contact us via e-mail at PrivacyOffice@komatsu.eu. You also have the right to file a complaint with the competent data protection authority.