Privacy Policy - Mitsubishi Logistics Europe

PLEASE READ THIS PRIVACY POLICY CAREFULLY
1. OUR PRIVACY STATEMENT
The protection of your personal data is of great importance to Mitsubishi Logistics Europe B.V.
(“Company”). This privacy policy (the “Privacy Policy”) therefore intends to inform you about how
Company Group entities, acting as data controller, collects and processes your personal data that you
submit or disclose to us. We also act as data controller when we process your personal data received or
obtained through third-parties. We process this personal data in accordance with the applicable EU and
Member State regulations on data protection in particular, the General Data Protection Regulation No
2016/679 (the “GDPR”).
We encourage you to read this Privacy Policy carefully. If you do not wish your personal data to be used
by us as set out in this Privacy Policy, please do not provide us with your personal data. Please note that
in such a case, we may not be able to provide you with our services, you may not have access to and/or be
able to use some features of the Website, and your customer experience may be impacted.
If you have any queries or comments relating to this Privacy Policy, please contact
[fukai@mleurope.com].
2. HOW DO WE USE YOUR PERSONAL DATA?
We will always process your personal data based on one of the legal basis provided for in the GDPR
(Articles 6 and 7). In addition, we will always process your sensitive personal data, for example,
concerning your trade union membership, religious views, or health condition, in accordance with the
special rules provided for in the GDPR (Articles 9 and 10).
We may collect and process your personal data for the purposes detailed below, which are required so that
we can pursue our legitimate interests and provide you with adequate services and products:
2
– to offer you our services;
– to inform you about our policies and terms;
– to promote safety and security, such as by monitoring fraud and investigating suspicious or
potentially illegal activity or violations of our terms or policies;
– to manage our contractual relationship with you;
– to provide, improve, and develop our services, and advertising;
– to use personal information for purposes such as data analysis, research, and audits;
– to ensure business continuity;
– to ensure that content from our website is presented in the most effective manner for you;
– to notify you about changes to our service(s);
– to manage your customer account;
Please be aware that you are entitled to withdraw your consent at any time, and this without affecting the
lawfulness of processing based on your consent before withdrawal thereof.
We will process your data for these specified, explicit and legitimate purposes, and will not further
process the data in a way that is incompatible with these purposes. If we intend to process personal data
originally collected for one purpose in order to attain other objectives or purposes, we will ensure that you
are informed of this. We will keep your personal data for as long as it is necessary for us to comply with
our legal obligations, to ensure that we provide an adequate service, and to support its business activities
(Article 5 and 25(2) GDPR).
3. WHAT TYPES OF PERSONAL DATA DO WE USE?
For the purposes specified under this Privacy Policy, we process the personal data obtained from you
directly (when you decide to communicate such data to us, i.e., when you contact us, or when you fill in
3
forms displayed on the Website) or indirectly (data provided to us by a third-party). We ensure that the
personal data processed be adequate, relevant and limited to what is necessary in relation to the purposes
for which they are processed.
4. HOW DO WE SHARE YOUR PERSONAL DATA?
We may share your personal data with third parties in accordance with the GDPR. Where we share your
data with a data processor, we will put the appropriate legal framework in place in order to cover such
transfer and processing (Articles 26, 28 and 29). Furthermore, where we share your data with any entity
outside the EEA, we will put appropriate legal frameworks in place, notably controller-to-controller
(2004/915/EC) and controller-to-processor (2010/87/EU) Standard Contract Clauses approved by the
European Commission, in order to cover such transfers (Articles 44 ff. GDPR).
Service Providers
We may share your personal data with companies which provide services on our behalf, such as logistics,
forwarding, transport, e-mail services, accounting service, marketing, auditing, processing payments, data
analytics, and conducting customer research and satisfaction surveys.
Corporate Affiliates and Corporate Business Transactions
We may share your personal data with all Company’s affiliates. In the event of a merger, reorganization,
acquisition, joint venture, assignment, spin-off, transfer, or sale or disposition of all or any portion of our
business, including in connection with any bankruptcy or similar proceedings, we may transfer any and
all personal data to the relevant third party.
Legal Compliance and Security
It may be necessary for us – by law, legal process, litigation, and/or requests from public and
governmental authorities within or outside your country of residence – to disclose your personal data. We
may also disclose your personal data if we determine that, due to purposes of national security, law
enforcement, or other issues of public importance, the disclosure is necessary or appropriate.
4
We may also disclose your personal data if we determine in good faith that disclosure is reasonably
necessary to protect our rights and pursue available remedies, enforce our terms and conditions,
investigate fraud, or protect our operations or users.
Data Transfers
Such disclosures may involve transferring your personal data out of the European Union. This may
include transfers to countries outside the European Economic Area, which do not have similarly strict
data privacy laws, including, for example, Japan and the United States of America. Such transfer may
take place for employee or business management purposes by the Company. In those cases, we will put in
place appropriate safeguards such as data transfer agreements based on the standard contract clauses as
defined by the European Commission decisions 2001/497/EC, 2002/16/EC, 2004/915/EC and
2010/87/EU.
We will not use your personal data for online marketing purposes.
5. OUR RECORDS OF DATA PROCESSES
We handle records of all processing of personal data in accordance with the obligations established by the
GDPR (Article 30), both where we might act as a controller or as a processor. In these records, we reflect
all the information necessary in order to comply with the GDPR and cooperate with the supervisory
authorities as required (Article 31).
6. SECURITY MEASURES
We process your personal data in a manner that ensures their appropriate security, including protection
against unauthorised or unlawful processing, accidental loss, destruction or damage. We use appropriate
technical or organisational measures to achieve this level of protection (Article 25(1) and 32 GDPR).
We will retain your personal information for as long as it is necessary to fulfill the purposes outlined in
this Privacy Statement, unless a longer retention period is required or permitted by law.
5
7. NOTIFICATION OF DATA BREACHES TO THE COMPETENT SUPERVISORY
AUTHORITIES
In case of breach of security leading to the accidental or unlawful destruction, loss, alteration,
unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed, we have
the mechanisms and policies in place in order to identify it and assess it promptly. Depending on the
outcome of our assessment, we will make the requisite notifications to the supervisory authorities and
communications to the affected data subjects, which might include you (Articles 33 and 34 GDPR).
8. PROCESSING LIKELY TO RESULT IN HIGH RISK TO YOUR RIGHTS AND
FREEDOMS
We have mechanisms and policies in place in order to identify data processing activities that may result in
high risk to your rights and freedoms (Article 35 of the GDPR). If any such data processing activity is
identified, we will assess it internally and either stop it or ensure that the processing is compliant with the
GDPR or that appropriate technical and organizational safeguards are in place in order to proceed with it.
In case of doubt, we will contact the competent Data Protection Supervisory Authority in order to obtain
their advice and recommendations (Article 36 GDPR).
9. YOUR RIGHTS
You have the following rights regarding personal data collected and processed by us.
– Information regarding your data processing: You have the right to obtain from us all the requisite
information regarding our data processing activities that concern you (Articles 13 and 14 GDPR).
– Access to personal data: You have the right to obtain from us confirmation as to whether or not
personal data concerning you are being processed, and, where that is the case, access to the
personal data and certain related information (Article 15 GDPR).
– Rectification or erasure of personal data: You have the right to obtain from us the rectification of
inaccurate personal data concerning you without undue delay, and to complete any incomplete
personal data (Article 15 GDPR). You may also have the right to obtain from us the erasure of
6
personal data concerning you without undue delay, when certain legal conditions apply (Article
17 GDPR).
– Restriction on processing of personal data: You may have the right to obtain from us the
restriction of processing of personal data, when certain legal conditions apply (Article 18 GDPR).
– Object to processing of personal data: You may have the right to object, on grounds relating to
your particular situation, at any time to processing of personal data concerning you, when certain
legal conditions apply (Article 21 GDPR).
– Data portability of personal data: You may have the right to receive your personal data in a
structured, commonly used and machine-readable format, and have the right to transmit those
data to another controller without our hindrance, when certain conditions apply (Article 20
GDPR).
– Not to be subject to automated decision-making: You may have the right not to be subject to
automated decision-making (including profiling) based on the processing of your personal data,
insofar as this produces legal or similar effects on you, when certain conditions apply (Article 22
GDPR).
If you intend to exercise such rights, please refer to the contact section below.
If you are not satisfied with the way in which we have proceeded with any request, or if you have any
complaint regarding the way in which we process your personal data, you may lodge a complaint with a
Data Protection Supervisory Authority.
10. CHILDREN
Our products and services are intended for adult customers. Thus, we do not knowingly collect and
process information on children under sixteen (16). If we discover that we have collected and processed
the personal data of a child under sixteen (16), or the equivalent minimum age depending on the
concerned jurisdiction, we will take steps to delete the information as soon as possible. If you become
7
aware that a child under sixteen (16) has provided us with personal data, please contact us immediately by
using the contact address specified under this Privacy Policy.
11. LINKS TO OTHER SITES
We may propose hypertext links from the Website to third-party websites or Internet sources. We do not
control and cannot be held liable for third parties’ privacy practices and content. Please read carefully
their privacy policies to find out how they collect and process your personal data.
12. UPDATES TO PRIVACY POLICY
We may revise or update this Privacy Policy from time to time. Any changes to this Privacy Policy will
become effective upon posting of the revised Privacy Policy via the Services. If we make changes which
we believe are significant, we will inform you through the Website to the extent possible and seek your
consent where applicable.
CONTACT
If you have any questions about this privacy notice or our processing of your personal data, or if you wish
to exercise your data protection rights, our contact details are as follows;
Data Protection Officer
Mitsubishi Logistics Europe B.V.
Columbusstraat32 3165AD Rotterdam-Albrandswaard, The Netherlands
fukai(at)mleurope.com