Privacy Statement

Introduction Chapter mentioning the Controller

We, VDMA – Verband Deutscher Maschinen- und Anlagenbau e.V., (hereinafter referred to as “We” or “VDMA”), are pleased about your interest in the ISOBUS databases. Your privacy is very important to us. We take the protection of your personal data and confidential treatment thereof very seriously. Processing of your personal data is strictly subject to the applicable statutory provisions of data protection legislation, the General Data Protection Regulation (hereinafter referred to as “GDPR”). With this privacy statement, we are informing you on the processing of your personal data and of your data protection rights during using the ISOBUS database.

1. Controller of the Data Processing and Data Protection Officer; Contact

The Controller of the data processing as defined in data protection legislation is:
VDMA – Verband Deutscher Maschinen- und Anlagenbau e.V.
Lyoner Straße 18
60528 Frankfurt am Main
Phone: +49 (0) 69 / 6603 - 0
Email: info@vdma.org
www.vdma.org

If you have questions or comments on data protection, please do not hesitate to contact us. You can reach our Data Protection Officer as follows:
Scheja & Partner Rechtsanwälte
Adenauerallee 136
53113 Bonn
Phone: +49 (0) 228 / 227226 - 0
www.scheja-partner.de/kontakt/kontakt.html

2. Subject Matter of Data Protection

Personal data is the subject matter of data protection. Personal data is any information referring to an identified or identifiable natural person. It includes data such as name, postal address, e-mail address or telephone number, but also information which necessarily arises during using the ISOBUS database, such as information on commencement, end and scope of use.

3. Purposes and Legal Bases of Data Processing

Below, you will be provided with an overview of the purposes and legal bases of the data processing while using the ISOBUS database.

We process personal data if this is required for the preparation and performance of a contract with you. The purposes depend on the specific contract and particularly comprise

  • User registration for the database
  • Requesting new items or requesting changes for existing items
  • Contacting us via the website

Data processing is performed based on Article 6 Paragraph 1 Letter b) GDPR. You also must state the personal data which is required for the preparation and performance of using the ISOBUS database. Without such data, we will not be able to process your request or fulfil the contract.

We will delete the data as soon as it is not necessary anymore for the purposes of preparing and performing a contract and no other legal requirement applies. If the latter is the case, we will delete the data after such other legal requirement is not applicable anymore.

We also process your personal data to meet legal obligations to which we are subject. Such obligations may result from trade, tax, money laundering, financial or criminal legislation. The purposes of the processing result from the respective legal obligation; in general, the processing serves the purpose of meeting statutory control and information obligations.

Data processing is carried out based upon Article 6 Paragraph 1 Letter c) GDPR. If we collect data due to a legal obligation, you must state the personal data necessary for fulfilment of the legal obligation. Without such provision, we might not be able to process your request.

We will delete the data as soon as the legal requirement ceases to apply to the extent no other legal requirement applies. If the latter is the case, we will delete the data after such other legal requirement is not applicable anymore.

We also process your personal data to safeguard justified interests of us or of third parties. Thereby, we pursue the following interests which at the same time are the respective purposes:

  • ensuring the technical operation;
  • replying to requests without contractual relevance
  • ensuring data security;
  • ensuring data availability;
  • removal of errors and disturbances;
  • prevention of criminal act;
  • business management;

Data processing is performed based upon Article 6 Paragraph 1 Letter f) GDPR. In cases in which you must provide data for the above purposes, we expressly point out. Without such provision, we might not be able to process your request.

We will delete the data as soon as it is not necessary for the purposes pursued by us anymore and if no other legal requirement applies. If the latter is the case, we will delete the data after such other legal requirement is not applicable anymore.

Should you have granted an approval for certain purposes, the purposes result from the respective contents of such approval.

Data processing is carried out based upon Article 6 Paragraph 1 Letter a) GDPR. In cases in which you must provide data for this, we expressly point out. Without such approval, we cannot meet your request contained in the approval. You can revoke an approval at any time without the lawfulness of the processing performed based upon the approval before revocation thereof being impaired.

We will delete the data if it is not necessary for the purposes pursued by us anymore or if you have revoked the approval and if no other legal requirement applies. If the latter is the case, we will delete the data after such other legal requirement is not applicable anymore.

4. Recipients of Personal Data

Internal recipients: Within VDMA, only such persons have access who need it for the purposes set forth under number 3.

External recipients: We disclose your personal data to external recipients outside VDMA only if this is necessary to handle or process your request or if there is any other legal permit or you have provided us with an approval for this. External recipients may be:

  • Processors: VDMA group companies which we use for the provision of services, for example in the areas of technical infrastructure and maintenance for the offering of VDMA or provision of contents with contractual relevance. Such processors are chosen by us carefully and audited on a regular basis to make sure that your privacy is protected. The service providers may use the data only for the purposes stated by us.
  • Public bodies: Authorities and state institutions, such as public prosecution offices, courts or financial authorities to which we must transmit personal data for compulsory statutory grounds.
  • Private bodies: Distributors, cooperation partners or assisting persons to whom data is transmitted based upon an approval or a legal basis, for example our webhosting company as well as technical partners ensuring the maintenance and provisioning of the website.

5. Automated Decision-Finding and Profiling

We neither use automated decision-finding mechanisms nor profiling.

6. Storage Period

The storage period of personal data is set forth in the respective chapter on data processing.

In addition, the following generally applies: We store your personal data only if this is necessary for the fulfilment of our purposes or – in the event of an approval – until you revoke your approval. In the event of an objection, we will delete your personal data, unless further processing thereof is permitted under the relevant legal provisions. We will also delete your personal data if we are obliged thereto for legal grounds.

7. Rights of Data Subjects

As data subject affected by the data processing, you are entitled to several rights. In detail:

  • Right of information: You are entitled to receive information on your personal data stored by us.
  • Right of correction and deletion: You can request us to correct wrong data and – to the extent the statutory requirements are fulfilled – to delete your data.
  • Restriction of processing: You can request us – to the extent the statutory requirements are fulfilled – to restrict the processing of your data.
  • Data portability: If you provided us with data on the base if a contract or an approval, you can request, if the statutory requirements are fulfilled, to receive the data provided by you in a structured, common and machine-readable format or that we transmit them to another controller.
  • Objection against data processing in the event of the legal basis of “justified interest”: You are entitled to object to data processing by us for reasons resulting from your particular circumstances at any time to the extent this is based upon the legal basis of “justified interest”. If you exercise your right of objection, we will cease processing your data, unless we can, in accordance with statutory provisions, prove compulsory reasons worthy of protection for further processing which outweigh your rights.
  • Revocation of the approval: To the extent you provided us with an approval of processing your data, you can revoke it at any time with effect for the future. The lawfulness of the processing of your data until such revocation shall remain unaffected.
  • Complaint with the supervisory authority: In addition, you can file a complaint with the competent supervisory authority if you believe the processing of your data violates applicable law. For this purpose, you can contact the data protection authority competent for your place of residence or your country or the data protection authority which is competent for us.
  • Your contact with us and exercise of your rights: You can contact us free of charge if you have questions on the processing of your personal data, your rights as data subject and any approval granted. To exercise all your abovementioned rights, please contact info@vdma.org or send a letter to the address set forth above under number 1. Please make sure that we can clearly identify you. If you revoke an approval, you may choose the communication path which you used when you granted the approval.

8. Status

The current version of this Data Privacy Statement shall apply. Status 22/05/2018.