§ 1 INTRODUCTION
The protection of the personal data concerning you is very important to your contractual partner within the Scandlines Group; this may be – depending on the individual supply relationship in place with you – Scandlines Danmark ApS, Scandlines Catering ApS or Scandlines Gedser-Rostock ApS, Havneholmen 25, 8. Sal, 1561 Copenhagen V or Scandlines Deutschland GmbH, Scandlines Bordershop Puttgarden GmbH or Scandlines Bordershop Rostock GmbH, Drehbahn 7, 20354 Hamburg, (referred to hereinbelow as “your Scandlines Contractual Partner” or “Scandlines”). This is why, in order to protect said personal data, Scandlines has taken measures that also serve to comply with applicable data protection laws, including the General Data Protection Regulation of the European Union (referred to hereinbelow as “GDPR”).
Your Scandlines Contractual Partner is the controller in terms of processing the personal data concerning you. The contact details of your Scandlines Contractual Partner have been set out at the bottom of this page.
The present Privacy Notice specifies which personal data we at Scandlines will collect from commercial suppliers in initiating supply relationships or performing under such relationships.
The present Privacy Notice also specifies the purposes for which the personal data concerning you will be processed and sets out the rights to which you are entitled in this respect. Personal data are any specific details about the personal or factual circumstances of an identified or identifiable natural person. This includes, for example, your name, your address, telephone number, e-mail address, IP address, and any other data that it is possible to trace back to you.
§ 2 CATEGORIES OF DATA SUBJECTS
Scandlines may collect data concerning the following categories of data subjects in the context of initiating supply relationships or performing under such relationships:
• Commercial suppliers of Scandlines (if a private individual), as well as
• Employees of commercial suppliers
(each of the above referred to hereinbelow as “you”).
§ 3 COLLECTION AND USE OF DATA
Every time one of our websites is accessed, the provisions governing data protection set out on the respective website will apply.
Above and beyond this, when Scandlines initiates supply relationships or performs under such relationships, it also may actively collect the following personal data:
• Email address, telephone number, and name of contractual partners and/or contact persons involved in a supply relationship;
• Bank account data of contractual partners;
• Any data you provide in the context of an offer or in the course of any other communications with us;
• Any other data you have chosen to provide for the purpose of managing a supplier account, such as a user name and a password.
The above data are processed and used by Scandlines only to the extent necessary for initiating the supply agreement with you or for performing under the supply agreement in place with you (Art. 6(1)(b) GDPR) and/or to manage (including the necessary communications) the supply agreement and to implement it (Art 6(1)(f) GDPR). Insofar as you yourself are not a contractual partner, the data concerning you will be processed on the basis of Art. 6(1)(f) GDPR, namely by reason of our legitimate interest in implementing, performing, and managing the supply relationship with your employer or principal.
§ 4 – COOKIES
For further information relating to cookies, please see our Cookie Policy, which is published on each of our websites. This is also where you will find further information on the technologies used, particularly Google Analytics.
§ 5 – RECIPIENTS OF THE PERSONAL DATA CONCERNING YOU
Your Scandlines Contractual Partner may share the personal data concerning you with companies within the Scandlines group (namely Scandlines Danmark ApS, Scandlines Catering ApS, Scandlines Gedser-Rostock ApS, Scandlines Deutschland GmbH, Scandlines Bordershop Puttgarden GmbH or Scandlines Bordershop Rostock GmbH) or with other enterprises that mandatorily are involved in performing the contract (e.g. banks), and will do so to the extent this is necessary for the above mentioned purposes, in particular in order manage the supply agreement in place with you. Moreover, it may be necessary to forward your data to public bodies (e.g. tax and revenue authorities or criminal investigation authorities) in order to comply with a legal obligation (Art. 6(1)(c) GDPR).
Please also note that for reasons of ensuring safety and security of operating facilities, it may be necessary to transmit certain data to third parties before you access the premises of said third parties (e.g. shipyards) in order to enable you to access said premises. Your Scandlines Contractual Partner will transmit said data to the respective third party at your express request. The third party will be responsble itself for the further processing as soon as said third party receives the data. The legal basis for transmitting data in this way is Art. 6(1)(b) GDPR for the purpose of enabling the contract to be performed.
Moreover, we kindly ask that you note the individual, further data processing procedures that may result from the use of certain Procurement and Sourcing Tools; these will be shown for each tool as soon as you use it.
§ 6 – RETENTION PERIOD
The technical data transferred from your device usually will be erased after your visit to the website has ended.
Asa general rule, data that you provide to us via the website or otherwise in the context of the contractual relationship will be stored only for as long as they are needed in order to perform under the supply relationship in place with you or your employer or principal. Where the law stipulates longer retention periods, the data may be stored for a longer period in order to comply with these obligations; this also applies to individual legitimate interests (e.g. in the event of a legal dispute).
§ 7 YOUR RIGHTS
The GDPR stipulates that you have a number of rights with regard to the personal data concerning you; you may exercise these rights by contacting Scandlines using the contact information set out below.
Right of access
Pursuant to Art. 15 GDPR, you have the right to request access to the personal data concerning you that Scandlines is processing, including the retention period, the parties with whom we have shared the personal data concerning you, etc.
Right to rectification or erasure
If the personal data concerning you that Scandlines is processing are incorrect or incomplete, you have the right pursuant to Art. 16 GDPR to have these data rectified or completed.
Subject to the pre-requisites stipulated by Art. 17 GDPR, you also have the right to have erased the personal data concerning you.
Please note in these cases that we need certain essential information from you in order to make certain functions or services available to you, in order to process your enquiries or in order to manage the supply relationship in place with you. As a consequence, if you request that this information be erased as a whole or in part, it may be that you will no longer be able to use certain services, or that you will be able to use them only partially, or that we will no longer be able to maintain the supply relationship with you.
Right to restrict the processing of the personal data concerning you
Subject to the pre-requisites stipulated by Art. 18 GDPR, you have the right to request that Scandlines restrict the processing of the personal data concerning you.
If you are entitled to such a right pursuant to Art. 18 GDPR and you exercise this right, then unless we have obtained your consent, Scandlines may store the personal data concerning you or process the personal data concerning you only for the purposes of establishing, exercising or defending a legal claim; of protecting a third party; and of protecting essential public interests.
Right to object
Pursuant to Art. 21 GDPR, you have the right to object to our processing the personal data concerning you provided that there are grounds relating to your particular situation and provided we are processing the personal data concerning you on the basis of Art. 6(1)(f) DGPR (see above). Moreover, you also may object to our processing the data concerning you for purposes of direct marketing.
Right to data portability
Subject to the pre-requisites of Art. 20 DGPR, you have the right to data portability, in other words either to yourself receive the personal data concerning you or to have the personal data concerning you transmitted to another data controller.
Right to lodge a complaint
You may contact Scandlines at any time if you believe that Scandlines is processing the personal data concerning you in violation of applicable data protection laws.
If it is impossible to find a solution with Scandlines or if you do not wish to contact Scandlines directly, you also may lodge your complaint with a competent data protection authority. This may be, for example, the supervisory authority competent for your residence or for the seat of Scandlines.
§ 8 CONTACT
External data protection officer Germany: Mr. Frank Jander, Kedua GmbH, Eichhorster Weg 80, 13435 Berlin.
We welcome your questions and suggestions on the topic of data protection; they are important to us. Please feel free to contact us by sending an email to: compliance@scandlines.com.
Last updated: 01 September 2020