This Privacy Policy applies solely to our website http://www.sanyeurope.com and the services directly accessible through the SANY website (“My SSSC services”) at https://portal.sanyeurope.com (also known as the “SANY Portal“). In the following Privacy Policy, we explain how your data is handled on the SANY website. In the event that you are forwarded to websites or apps via links from our SANY website, please inform yourself there about the respective handling of your data. This Privacy Policy was last updated on 20th December, 2022.
PRIVACY POLICY
OVERVIEW
A. COMPREHENSIVE INFORMATION ON DATA PROCESSING
1. Controller and data protection officer
Unless another controller is expressly named for individual services, the controller is the controller within the meaning of the GDPR as well as all other applicable EU data protection provisions (“Controller”):
SANY Europe GmbH
Sany Allee 1
50181 Bedburg
Germany
E-mail: info@sanyeurope.com
Hereinafter also referred to as “SANY”.
Every data subject can contact our data protection officer directly at any time with all questions and suggestions regarding data protection. You can reach him/her at the above address or at datenschutz@sanyeurope.com.
2. Data processing principles and storage period
2.1. Legal bases for the processing of personal data
Provided that we have obtained your consent to process your personal data, Article 6(1a) GDPR serves as the legal basis for the processing of personal data. You can withdraw this consent with effect for the future at any time.
For the processing of personal data which is required to perform a contract with you or your company, Article 6(1b) GDPR serves as the corresponding legal basis. This also applies to processing operations that already become relevant prior to the contract.
Insofar as processing of your personal data is necessary for compliance with one of our legal obligations, Article 6(1c) GDPR serves as the legal basis.
If processing is necessary to protect the legitimate interest of our company or a third party, and your interests, fundamental rights and freedoms do not override our legitimate interest, Article 6(1f) GDPR serves as the legal basis for processing.
Supplementary information on specific data processing via the SANY website can be found in the following sections of the Privacy Policy.
2.2. Storage and erasure of data
As a matter of principle, we only store personal data for as long as the specific purpose of the storage requires. If the purpose of storage ceases to apply, your data will be erased or its processing restricted.
In addition, however, it may be that European regulations, applicable national laws or other regulations require us to store the data we process for a longer period. If these storage periods expire, we will erase your data or restrict the processing thereof.
2.3. Data recipients
We will generally only pass on your personal data to service providers, business partners and other third parties within the framework of the applicable data protection laws and inform you of this in accordance with legal requirements.
We may disclose personal data to service providers and require them to perform services on our behalf (commissioned processing). In doing so, we comply with the strict applicable national and European data protection regulations. The service providers are subject to our instructions and are subject to strict contractual restrictions with regard to the processing of personal data. Accordingly, processing is only permitted insofar as it is necessary for the performance of the services on our behalf or to comply with legal requirements. We specify the rights and obligations of the service providers with regard to personal data in advance.
We may disclose personal data to another third party if required to do so by law or legal proceedings, or to provide the services we offer on the SANY website. We may also be required to provide information to a law enforcement agency or other authority. We may also disclose information if it is necessary for us to transfer information in order to collaborate with you and thereby provide services to you, or if you give your consent.
2.3.1. Categories of recipients
Personal data may be transferred to the following recipients or categories of recipients:
• Internal company recipients (e.g. for purpose-specific processing within the responsible departments)
• Other SANY companies
• Cooperation partners with whom the SANY Group provides its services
• External processors within the meaning of Article 28 GDPR
• Companies for which we provide the services
• Courts, authorities or other state institutions, insofar as legal obligations exist
• Auditors
2.3.2. Web hosting
Our SANY website, and therefore also your data, is hosted by us at Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland (“Microsoft”). Microsoft may only access the data within the scope of our instructions (commissioned processing).
Microsoft also takes strict technical measures to protect your personal data. Microsoft will not disclose your personal data to third parties unless such disclosure is necessary to perform the contracted services or Microsoft is required to do so to comply with the law or a valid and binding order of a governmental or regulatory authority. The data transferred for this purpose will be kept to the minimum necessary.
Microsoft also states that it plans to introduce the “European Union Data Boundary”, a solution in which Microsoft undertakes not to transfer any data from the EU to third countries. More information on this measure and other protective measures can be found here: Storing and processing data exclusively in the EU | Microsoft News Centre. Your data is already hosted on servers in the European Union (“EU”) or the European Economic Area (“EEA”).
Despite these measures, it cannot be ruled out with absolute certainty that Microsoft may also store or transfer the information in/to countries outside the EEA. However, Microsoft will take the necessary steps to ensure that an adequate level of data protection is maintained. For example, if Microsoft transfers your information to the United States, additional measures, such as entering into EU-compliant data transfer agreements with the data importer, will be taken as necessary. In addition, as a precautionary measure, we have entered into standard contractual clauses with Microsoft to also safeguard data transfers to third countries in the event that a data transfer to a third country does occur despite the measures listed above. The standard contractual clauses can be viewed here in all languages by entering the search term “DPA”: Microsoft Volume Licensing – Product Licensing Search.
For more information on data protection at Microsoft, please visit: https://www.microsoft.com/en-gb/trust-center/privacy/gdpr-overview.
2.3.3. Forwarding your data to companies affiliated with SANY
Some of your data will be passed on to other SANY companies for the purpose of processing technical support requests.
The legal basis for this data processing is Articles 6(1b) and 6(1f) GDPR or commissioned processing. Insofar as there is no obligation to perform a contract with you and no commissioned processing, we have a legitimate interest in transmitting the data to the relevant SANY company and the business divisions responsible there for internal administrative purposes. This procedure enables the SANY Group to offer you the services offered via the SANY website as efficiently as possible.
An overview of the SANY companies belonging to the “SANY Group” can be found here: https://www.sanyglobal.com/company_overview/
3. Your rights
Insofar as we process your personal data, you are a “data subject” within the meaning of the GDPR. As a data subject, you have the following rights vis-à-vis us:
3.1. Right of access by the data subject regarding processing
You can request information from us at any time within the framework of the legal provisions as to whether your personal data is being processed by us. If this is the case, you have the right to request information about the scope of the data processing (see Article 15 GDPR). Please note that the right of access by the data subject may be restricted in certain legal circumstances.
3.2. Right to rectification
You have the right to have your data rectified and/or completed if the personal data processed concerning you is incorrect or incomplete (see Article 16 GDPR).
3.3. Right to restriction of processing
If the conditions for this are met, you can demand the restriction of processing of your personal data (see Article 18 GDPR).
3.4. Right to erasure
You can demand that we erase the personal data concerning you without delay, provided that the conditions for this are met. The right to erasure does not exist, for example, if the processing of data is necessary (see Article 17 GDPR).
3.5. Right to notification
If you have asserted the right to rectification, erasure or restriction of processing against us, we are obliged to inform all recipients to whom the personal data concerning you has been disclosed of this rectification or erasure of data or restriction of processing, unless this proves impossible or involves a disproportionate effort. We will inform these recipients if you request it (see Article 19 GDPR).
3.6. Right to data portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another company without hindrance from us, provided that the conditions for this are met (see Article 20 GDPR).
3.7. Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1f) GDPR (Article 21(1) GDPR).
The consequence of the objection is that SANY will no longer process the personal data concerning you, unless SANY can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.
If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing (Article 21(2) GDPR).
We ask you to inform us about your objection using the following contact details:
SANY Europe GmbH
Sany Allee 1
50181 Bedburg
Germany
E-mail: datenschutz@sanyeurope.com
3.8. Right to withdraw consent under data protection law
If you have submitted a declaration of consent under data protection law, you can withdraw this at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
3.9. Right to lodge a complaint with a data protection supervisory authority
Without prejudice to any other administrative or legal remedy, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU Member State of your residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes applicable data protection laws.
4. Security standards
We have implemented appropriate physical, technical and administrative security standards to protect personal data from loss, misuse, alteration or destruction. All service providers and affiliated companies are contractually bound to maintain the confidentiality of personal data. In addition, they are not allowed to use the data for purposes that have not been authorised by us.
Since the security of your data is important, your entire visit is processed via a secure TLS connection. If personal data is collected, the data transfer is also TLS-encrypted. The TLS encryption process protects your data from unauthorised access on its way through the Internet.
5. Amendment of the Privacy Policy
We may update this Privacy Policy from time to time to keep it up to date with current legal requirements or to reflect changes to our services available through the SANY website (e.g. the introduction of new services). If anything has changed since your last visit, please refer to the date in the first paragraph of this Privacy Policy.
B. DATA PROCESSING ON THE SANY WEBSITE AND IN THE SANY PORTAL
1. Log data/log files
• Every time you access the SANY website, our system automatically collects data and information from your end device. In particular, the following data concerning you is collected:
• The IP address of the requesting end device
• The date and time of access
• The website from which the requested file was accessed (referrer URL)
• A description of the browser and the version of the browser used
• If applicable, the installed operating system and the set resolution
• The name of the file and the URL of the requested file
• A description of the access provider you use
• Your dwell time
• The volume of data transferred
• The access status (i.e. whether the file was transferred or possibly not found, etc.)
The aforementioned data is stored in the log files of our system. As a rule, this data is not stored together with other personal data. Insofar as access statistics are created, your IP address is anonymised by the host by cutting off the last few bytes of the IP address. Your IP address can therefore no longer be assigned to you in the access statistics. These anonymised access statistics are evaluated for marketing purposes.
The legal basis for the temporary storage of the data and log files is Article 6(1f) GDPR. We have a legitimate interest in collecting and temporarily storing the aforementioned data as the temporary storage of the data is necessary to enable the delivery of the website. Furthermore, this data is used to optimise our website and to ensure the functionality of the website and the security of our information technology systems.
When you use our SANY website, various types of cookies are used and stored on your end device. Cookies are small text files that are stored on your end devices when you visit our SANY website. We receive various types of information when cookies are set.
• The browser type and its version;
• The operating system of the end device;
• The language;
• The time zone;
• The activated plugins;
• The installed fonts;
• The screen resolution;
• The CPU class;
• The device memory;
• And other values that can be derived from the device or browser.
Certain cookies are strictly necessary for the proper operation and functioning of our SANY website and the proper display of its content. These “necessary cookies” cannot be deselected because without them our website cannot be offered.
External content
In order to expand and optimise the range of functions offered by our website and to make the use thereof more convenient for you, we integrate external content such as maps and videos. The providers of this external content use cookies and similar technologies. You do not have to accept the cookies and similar technologies used for this purpose, but you will then also not be able to use the enhanced functions provided by the external content embedded on the website. You can also make a corresponding setting in your browser cookie settings. However, this could restrict the range of functions offered by our website.
Statistics cookies
We use cookies to statistically record the use of our website, for example to measure the range and attractiveness of the services we offer. These cookies are optional.
Cookies are stored on your end device. You can decide at any time whether to delete the cookies from your end device. Via the settings in your browser, you can determine whether the transmission of cookies to us from your end device should be deactivated, restricted or if the cookies should even be deleted completely. If you deactivate all cookies for our website, it may no longer be possible to use all functions of the website to their full extent.
Plugins from www.youtube.com are integrated on our website. We use embedded YouTube videos in privacy-enhanced mode. YouTube describes its mode of operation as follows: “With privacy-enhanced mode, you can embed YouTube videos without cookies being set to analyse user behaviour. This means that no data on user activity is collected in order to personalise video playback. Instead, video recommendations are based on the current video. Videos played in privacy-enhanced mode do not affect which videos are recommended to a user on YouTube”.
Google Inc.,1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”)
• Show videos
• Cookies (if “privacy-enhanced mode” is not activated)
• IP address
Section 25(1) TTDSG and Article 6(1a) GDPR
Worldwide
For more information on how YouTube handles your data, see YouTube’s Privacy Policy at the following link: https://policies.google.com/privacy?hl=en.
• Alphabet Inc.
• Google LLC
• Google Ireland Limited
United States of America
You can withdraw your consent for the future at any time by unchecking the “External content” box in our cookie banner and then clicking “Save”.
Further information on the collection and use of data by the platform or plugins can be found in YouTube’s Privacy Policy at the following link: https://policies.google.com/privacy?hl=en.
On the website, we offer you the option to search for the specialist dealer of our products that is closest to your immediate location. In order to be able to show you suitable dealers, we use the Google Maps API service.
Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or tailoring the design of its website. This analysis is carried out (even for users who are not logged in) in particular to provide tailored customer-oriented advertising and to inform other users of the Google network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google directly to exercise this right.
For this processing, our cooperation with Google is based on a joint responsibility agreement pursuant to Article 26 GDPR. You can find the agreement under the following link: https://privacy.google.com/intl/de/businesses/mapscontrollerterms/
Google Maps also integrates the external fonts of the “Google Fonts” service. When you call up the Google Maps service, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using must establish a connection to Google’s servers. If your browser does not support the fonts, a standard font will be used by your end device. According to Google, the data transmitted by Google Fonts in connection with the page view is sent to resource-specific domains. Google states that the data is not linked to other data that may be processed in connection with the parallel use of authenticated Google services, such as Google Mail.
Processing company:
Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”)
Data processing purposes:
• Display interactive maps directly on the website
• Convenient use of the dealer search by means of a map function in your vicinity
• Provision of fonts
Technology used:
• API
• Cookies
Data collected:
• Your IP address
• Location information
• Date and time of the request
• Access status/HTTP status code
• Content of the request or the transmitted search terms (specific page)
• Time zone difference from Greenwich Mean Time (GMT)
• Data about your location
• Website from which the request comes
• Your browser type
• Your operating system and its interface
• Language setting and browser software version
Legal basis:
Section 25(1) TTDSG and Article 6(1a) GDPR
Place of processing:
Worldwide
Retention period:
The fonts required for the service are usually stored on the end devices for one year in order to improve the loading times of the websites. Further information on how Google handles your data can be found in the Privacy Policy: https://policies.google.com/privacy?hl=en.
Data recipients:
• Google Ireland Limited
• Google LLC
• Alphabet Inc.
Transfer to third countries:
United States of America.
Google also processes your personal data in the US, thereby relying on the standard contractual clauses of the European Commission. For more information, see https://policies.google.com/privacy/frameworks?hl=en.
Objection/withdrawal:
You have the option of easily deactivating the Google Maps service and thus preventing the transfer of data to Google: To do this, deactivate JavaScript in your browser. However, we would like to point out that in this case you will not be able to use the map display.
You can withdraw your consent for the future at any time by unchecking the “External content” box in our cookie banner and then clicking “Save”.
Data protection provisions of the processing company:
Further information on the purpose and scope of data collection and data processing by Google can be found in Google’s Privacy Policy. There you will also find further information on your rights in this regard and setting options for protecting your privacy: https://policies.google.com/privacy?hl=en.
2.5. Matomo (web tracking – hosted by MATOMO)
We use MATOMO. MATOMO is an open source web analytics platform. We use MATOMO to measure, collect, analyse and report visitor data in order to understand and optimise our website. We host the data collected via MATOMO about interactions with our website in MATOMO’s cloud.
Processing company:
InnoCraft Ltd., 7 Waterloo Quay PO625, 6140 Wellington, New Zealand (“Matomo”)
Data processing purposes:
Analysis of website use; optimisation of the website
Technology used:
Device and browser fingerprinting
Data collected:
• User IP address
• User ID
• Date and time of the request
• Title of the accessed page (page title)
• URL of the accessed page (page URL)
• RL of the page that was called up before the current page (referrer URL)
• Screen resolution used, time in the time zone of the local user
• Files that have been clicked on and downloaded (download)
• Links to an external domain that have been clicked on (outlink)
• Page generation time (the time it takes the web server to generate the pages and then download them from the user: Page speed)
• Location of the user: Country, region, city, approximate latitude and longitude (geolocation)
• Main language of the browser used (accept language header)
• User agent of the browser used (user agent header)
• Browser, operating system, the device used (desktop, tablet, mobile phone, TV, car, console, etc.), the make and model
• Certain interactions with our website may also be recorded (e.g. search entries or mouse movements)
Legal basis:
Section 25(1) TTDSG and Article 6(1a) GDPR
Place of processing:
EEA
Retention period:
We will only process your data for as long as is necessary for the purpose for which it was collected and for as long as there are no legal archiving obligations to the contrary.
Data recipients:
Australian Centre for Advanced Computing and Communication NZ Pty Limited
Transfer to third countries:
In principle, this does not happen. However, it cannot be ruled out, as the subcontractor of Matomo (Cloud) is Amazon Web Services New Zealand Limited.
Objection/withdrawal:
You can withdraw your consent for the future at any time by unchecking the “Statistics cookies” box in our cookie banner and then clicking “Save”.
Data protection provisions of the processing company:
Further information on data protection at MATOMO can be found in the following MATOMO Privacy Policy: Matomo Cloud Privacy Policy – Matomo Analytics
3. Collection of location data via your browser
We would like to provide you with the most convenient user experience possible on our SANY website. For this purpose, we collect information about the settings of the web browser you are using, the language you are using and the country from which you are accessing our SANY website.
We use these functions to show you content that is suitable for your region and to display the content in your preferred language. You have the option to change the language settings on the SANY website at any time or to display content from other regions.
If the cookie settings of your browser allow it, we store the information determined in this way in a language cookie and in two country cookies.
The legal basis for data processing is Article 6(1f) GDPR. We have a legitimate interest in presenting our website so that it corresponds as closely as possible to the interests of our website visitors.
The data will be erased as soon as it is no longer required to achieve the purpose for which it was collected and there are no legal archiving obligations that prevent its erasure. We store the cookies for one year if your cookie settings allow cookies.
4. Contact form
SANY offers you the opportunity to contact SANY via a contact form on the website. If you contact us via the contact form, the data entered in the fields will be transmitted to us and stored. This includes, in particular, your name and e-mail address, and all other data entered in the fields.
In some cases, it is necessary to forward your data to other SANY companies or other third parties in order to be able to process your request in the best possible way by the relevant contact person and the relevant specialist department.
The legal basis for the processing and transmission of the data entered via the contact form is Article 6(1a), 6(1b) or 6(1f) GDPR. We only process and transmit the personal data entered in the contact form in order to process your request and contact you. This is in our interest. This may also involve the initiation of a contract.
The data will be erased as soon as it is no longer required to achieve the purpose for which it was collected and there are no legal archiving obligations that prevent its erasure. Data processing for the purpose of processing the request via the contact form is terminated in any case when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
C. SPECIAL DATA PROCESSING OPERATIONS WHEN USING MY SSSC SERVICES
1. Controller
SANY Europe GmbH is the controller within the meaning of the GDPR for the “SANY Service and Support Center” (in short: “SSSC”) platform. Digital services for SANY Group products (“SSSC services”) are accessible via SSSC.
2. Registration for SSSC
It is necessary to register and create a user account for SSSC in order to use SSSC and the services that can be accessed via it.
SSSC provides companies that offer the products for purchase or rent to other companies (“dealers”) the opportunity to access supplementary specialist information on the products via the SSSC services and to use additional services via SSSC in connection with the products of the SANY Group.
2.1. Registration process for SSSC
Employees of the dealers can register for SSSC. When registering for SSSC, there are certain mandatory details that you must provide as well as voluntary details that are marked separately.
We use, store and process this data because this is necessary for the establishment, content or modification of the user relationship between you and us, and for the use of the SSSC services offered via SSSC.
If you have registered successfully, you can log in to your user account after it has been activated. We use, store and process the data you used for registration, such as your e-mail address and the password you have specified, so that you can log into SSSC and access the SSSC services made available there for retrieval.
The legal basis for the aforementioned data processing within the scope of registration for SSSC is Article 6(1b) and 6(1f) GDPR. We will erase your data if it is no longer required for the stated purpose and there are no contractual or legal retention periods.
2.2. Activation process
In order to check whether you are authorised to use SSSC as an employee on behalf of the dealer, SANY may transmit the details entered as part of your registration to the dealer for whom you work before activating your profile. In this case, the data you entered as part of the registration process will be transmitted to the dealer in order to check whether you work for the dealer and are authorised to use SSSC and the SSSC services.
The legal basis for the aforementioned data processing as part of the activation process for individual SSSC services is Article 6(1b) and 6(1f) GDPR. We will erase your data if it is no longer required for the stated purpose and there are no contractual or legal retention periods.
2.3. Accessibility of data for other users
Other users of SSSC will not be able to see your contact information as part of the intended use of SSSC.
3. SSSC service: Warranty tool
Via the warranty tool, SANY offers you the opportunity to digitally process warranty claims on behalf of the company for products that are subject to warranty or special complaint provisions or for which the SANY companies have assumed a warranty (“warranty claim”).
As part of the warranty claim, various data on the product, the defect and any repairs already carried out relating to the defect is requested. If you decide to report a warranty case via the warranty tool, the data entered in the fields will be transmitted to SANY and stored. This includes, in particular, the e-mail address you entered when registering for SSSC and all other data entered in the fields.
The legal basis for the aforementioned data processing is Article 6(1b) and 6(1f) GDPR. We will erase your data if it is no longer required for the stated purpose and there are no contractual or legal retention periods.
4. SSSC service: Web shop
4.1. Purchasing and requesting products via the web shop
You have the option to order or request products via your SSSC account. A guest order is not possible.
If you order via your SSSC account, a large part of the data you have entered in your account will be automatically used to carry out the order. You do not need to re-enter any data.
If you would like to send a request for a product, certain mandatory information is required from you in order to process your request. You do not need to fill in the fields marked as optional in order to request the product.
SANY uses, stores and processes this data as this is necessary for the establishment, content or amendment of the contractual relationship between you and SANY, and for the utilisation and invoicing of the related services as well as for the initiation of contracts for requested products.
The legal basis for the aforementioned data processing is Article 6(1b) and 6(1f) GDPR.
5. SSSC service: SIS
The Group company SANY Group Co. Ltd. in China offers the SIS Portal on its website, whereby the portal provides the opportunity to view machine-specific spare parts lists with the help of technical drawings and to find the right spare parts for your machine.
A separate login is required to access the SIS. If you do not yet have access, please contact aftersales.administration@sanyeurope.com with your company name, e-mail address, country, telephone number and product group (construction machinery or port machinery). At the instigation of SANY, access will be set up for you, which will be designed in such a way that it is not personal. The access data will be sent to you by SANY via e-mail to the e-mail address you have specified.
The legal basis for the aforementioned data processing is Article 6(1b) and 6(1f) GDPR.
SANY Group Co. Ltd. in China is responsible for operating the SIS Portal. If you access the SIS Portal, your IP address will be transmitted to the server (in China), as is the case with every website access. If you do not wish this to happen, do not access the SIS portal.
6. Content delivery networks
We use content delivery networks (“CDN”) for the proper provision of content. The use of CDN enables us to make content, in particular files, graphics or scripts, available to you more quickly for retrieval with the help of regionally or internationally distributed servers. When you access this content, a connection is established between you and the respective servers of the CDN, whereby personal data such as your IP address and possibly browser data such as your user agent are transmitted to the provider of the CDN. Personal data transmitted in this way is usually stored in server log files of the respective provider of the CDN in order to increase the delivery speed of the website.
Below, we will provide you with information about the CDN that we use.
6.1. Bootstrap (CDN)
Bootstrap CDN scripts are loaded. The provider of this service is Prospect One, Kròlewska 65a, Małopolskie Voivodeship, 30-081 Poland (“Bootstrap”).
When establishing the connection with Bootstrap’s servers, personal data such as your IP address and, if applicable, browser data such as your user agent, may be transmitted to Bootstrap. In addition, Bootstrap may store cookies on your computer for optimisation and analysis.
The use of Bootstrap is based on Article 6(1f) GDPR. We have a legitimate interest in the secure and efficient provision of our website, as well as in reducing the delivery speed of our website.
Your data will only be processed by Bootstrap for as long as is necessary for the purpose of the data collection. The specific storage period of the processed personal data cannot be influenced by us. This is determined by Bootstrap. Further information on data protection can be found in Bootstrap’s Privacy Policy: https://www.jsdelivr.com/terms/privacy-policy-jsdelivr-net.
6.1. Cloudflare (CDN)
Furthermore, we use the CDN of Cloudflare Inc., 101 Townsend Street, San Francisco, CA 94107 (“Cloudflare”).
When establishing the connection with Cloudflare’s servers, personal data such as your IP address and, if applicable, browser data such as your user agent are transmitted to Cloudflare’s servers. According to our knowledge, Cloudflare collects the following data:
• Name of the website being requested
• File name
• Date and time of the request
• Transmitted data volume
• Message about whether the request was successful
• Browser type and version used
• Details of the user’s operating system
• Previously visited website (referrer URL)
• IP address
• Details of the requesting provider
In addition, Cloudflare may store cookies on your computer for optimisation and analysis.
It is possible that your data will be transferred to servers outside the EU and the EEA. We have entered into a contract with Cloudflare on commissioned processing, in which Cloudflare undertakes to process data exclusively in accordance with our instructions. In addition, we have entered into standard contractual clauses with Cloudflare as appropriate safeguards in accordance with Article 46 GDPR. Further information can be found here: https://www.cloudflare.com/cloudflare-customer-scc
The use of Cloudflare is based on Article 6(1f) GDPR. We have a legitimate interest in the secure and efficient provision of our website, as well as in reducing the delivery speed of our website.
Your data will only be processed by Cloudflare for as long as is necessary for the purpose of the data collection. The specific storage period of the processed personal data cannot be influenced by us. This is determined by Cloudflare. Further information on data protection can be found in Cloudflare’s Privacy Policy: https://www.cloudflare.com/privacypolicy/
D. SANY GROUP ON SOCIAL MEDIA
1. Data processing by social media platforms in general
We have publicly accessible company profiles on social media platforms in order to provide information about our news and events, and to provide insights into the company of SANY and other companies belonging to the SANY Group. The social media platforms also enable us to contact you as a user/visitor. The platforms on which we have a company profile can be found below in Section 6.
Social media platforms such as Facebook, Twitter, etc. can generally comprehensively analyse your user behaviour when you visit their website or a website with integrated social media content (e.g. “like” buttons or advertising banners). By visiting our social media sites, numerous data protection-relevant processing operations occur. The respective social media platforms may provide us with anonymised statistics and insights about the interactions of our posts, for example. From this information, we can see whether our website was accessed by users/visitors from the respective platform via our company profile as well as the age/gender groups (the latter only for logged-in users), for example. We have no influence on the data transmitted to us and cannot stop the social media platforms from performing these operations. We use the data transmitted to us to optimise our posts and our presence and to be able to design them according to the interests of our website visitors.
The social media platforms store cookies on your end device or record your IP address. This process is designed to evaluate the data of the visit from the social media platform and our company profile for statistical and market research purposes and may help to optimise future advertising activities by the social media platforms. For example, the social media platforms may use the data collected about the user behaviour of users/visitors themselves to place personalised advertisements, which may be displayed on all devices on which you are/were logged in.
If you are logged into a social media platform when you visit our company profile, the data relating to the visit to our company profile may be assigned to your account and linked to the data of this account. Please note that it is possible that social media platforms may collect your data even if you do not have an account.
Depending on the platform, further processing operations may be performed. For further details, please refer to the terms of use and privacy policies of the respective social media platforms.
2. Legal basis
SANY has a legitimate interest in maintaining the company profile and processing your data in order to be able to design and implement up-to-date information and communication options accordingly. The legal basis in this case is Article 6(1f) GDPR.
If you contact us via the message function or via the e-mail address stored in our company profile, we store your user profile ID or e-mail address as well as other data you have provided. The legal basis for the processing is Article 6(1b) GDPR, insofar as the contact is about initiating a contract or contract-related issues. We also have a legitimate interest in processing your data in order to be able to respond to your request, as per Article 6(1f) GDPR.
The analysis procedures used by the social media platforms may be based on different legal grounds, which are to be stated by the operators of the social media platforms (e.g. consent within the meaning of Article 6(1a) GDPR, where consent can be withdrawn at any time).
3. Controller
According to a decision of the European Court of Justice, fan page operators (i.e. including us) are joint controllers together with the social media platform within the meaning of the GDPR.
Due to the collection and storage of data (and user data) by the social media platforms, you can also assert your rights against the respective platform. You can find your rights with respect to us under Section A.3.
4. Storage period
The data will be erased as soon as it is no longer required to achieve the purpose for which it was collected and there are no legal or contractual archiving obligations that prevent its erasure. If you contact us via the message function or the e-mail address stored in the company profile, the conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
Using the respective “Unsubscribe” and “Unfollow” (or “Unlike”) buttons, you can remove the connection to our company profile and the associated processing of your data.
We describe the storage period and which data is stored by the individual social media platforms below.
5. Type of data
We may process inventory data for your social media account with the social media platform (e.g. first name and surname, address, e-mail address, telephone number, gender, age, date of birth), usage data (e.g. websites visited, interest in content) and content data (e.g. photos, videos, text entries).
6. Company profiles on social media platforms in detail
We have company profiles on the following social media platforms.
6.1. Facebook
We have a company profile on Facebook. The data protection (co-)controller of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. For persons living within the US or Canada, it is Meta Platforms Inc., 1601 Willow Rd. Menlo Park, CA 94025, USA (“Facebook”).
Facebook may share your information internally, within the Facebook Group (transfer to Facebook in the US) or with third parties. For example, information collected in the EEA may be transferred to countries outside the EEA for the purposes described in this Privacy Policy. According to Facebook, Facebook uses standard contractual clauses approved by the European Commission, takes other measures under EU law, and obtains your consent to legitimise data transfers from the EEA to the US and other countries.
Facebook transmits anonymised statistics and insights, known as “Insights data”, to us as fan page operators. Exactly which Insights data is transmitted to us by Facebook can be viewed here in the agreement entered into with Facebook (Controller Addendum): https://de-de.facebook.com/legal/terms/page_controller_addendum.
The nature, scope and purpose of the collection and processing of data by Facebook, as well as the rights and settings options for protecting the user’s privacy, can be found in Facebook’s Privacy Policy (https://www.facebook.com/about/privacy).
6.2. YouTube
We have a profile on YouTube. The data protection (co-)controller is Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (“YouTube”). For persons living within the US or Canada, it is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. According to YouTube or Google, the data collected is also transferred to the US and other third countries. YouTube and Google also use analysis tools (including Google Analytics).
According to YouTube and Google, Google uses a legal framework and other measures to guarantee an appropriate level of data protection.
If you would like to deactivate advertising cookies from YouTube or Google, please use the following link: https://adssettings.google.com/ or do this directly: https://adssettings.google.com/authenticated.
For details on how they handle your personal data, please refer to YouTube’s guidelines on privacy: https://support.google.com/youtube/topic/2803240?hl=en&ref_topic=6151248 and Google’s Privacy Policy: https://policies.google.com/privacy.
6.3. Instagram
We have a company profile on Instagram. The data protection (co-)controller is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Instagram”). Accordingly, the statements on Facebook also apply here (Section D.6.1).
The exact data transmitted to us by Instagram can be viewed here: https://help.instagram.com/788388387972460 and https://de-de.facebook.com/legal/terms/page_controller_addendum.
The nature, scope and purpose of the collection and processing of data by Instagram, as well as the rights and settings options for protecting the user’s privacy, can be found here: https://help.instagram.com/196883487377501?ref=dp and in Instagram’s Privacy Policy: https://help.instagram.com/519522125107875.
6.4. LinkedIn
We have a company profile on LinkedIn. The data protection (co-)controller is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. For persons living within the US or Canada, it is LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA (“LinkedIn”). According to LinkedIn, the data collected is also transferred to the US and other third countries. LinkedIn uses advertising cookies. LinkedIn also uses analysis tools from other companies (including Google Analytics).
According to LinkedIn, LinkedIn uses standard contractual clauses approved by the European Commission and takes other measures under EU law to legitimise data transfers from the EEA to the US and other countries.
Details can be found in LinkedIn’s Privacy Policy: https://www.linkedin.com/legal/privacy-policy.
7. Sharing content on social media platforms
If you decide to share the content of our SANY website on social networks such as Facebook, Twitter, XING, Pinterest, etc., the privacy policies of the respective social media platform apply.
Our SANY website does not include any plugins provided by the social networks Facebook, Twitter, Pinterest, etc.. User data is not automatically transferred to the operators of these platforms on our SANY website.