Privacy and cookie policy and Customer data processing
Customer data processing
This customer data processing section of our Privacy Policy describes the processing of personal data by Sulzer in general and contains specific provisions for specific software applications. Sulzer observes the information obligations under Articles 13 and 14 of the European Union General Data Protection Regulation (GDPR).
Why is this relevant for you?
In line with the European General Data Protection Regulation (GDPR), the Sulzer Group informs you about how the companies of Sulzer Management Ltd and its affiliates (together Sulzer) process personal data as far as they are not covered by other Sulzer privacy policies or are evident from the circumstances or are provided for by applicable law. Personal data means all information relating to an identified or identifiable person. In particular, the following persons are considered customers of Sulzer according to this customer information:
- Business contacts and potential customers and suppliers and their respective employees
- Current and former customers and suppliers and their respective employees
- Distributors, agents and other intermediaries and their respective employees
- Financial community (for example, shareholders, investors, brokers, analysts)
- Journalists
- Visitors of Sulzer facilities and locations
- Visitors and users of websites, social media channels and messenger services registered with Sulzer (Sulzer pages)
Who is responsible for processing your personal data?
Every website (including web-portals and microsites for special events or offers), every presence on social media, multimedia portals, chatbots, messengers and every app of Sulzer (“Sulzer pages”) has a controller within Sulzer with respect to collecting personal data according to GDPR (or comparable provisions according to applicable data protection laws). Unless provided otherwise on the Sulzer pages (according to the terms of use, privacy policy etc.), Sulzer Management Ltd is the controller.
Should a Sulzer company or affiliate disclose personal data to another Sulzer company or affiliate for certain purposes of the receiving company or affiliate, such company or affiliate is the controller according to article 4 (7) GDPR.
If you would like to get detailed information or express concern about this Privacy Policy, please contact:
Sulzer Global Data Privacy Officer
Sulzer Management Ltd.
Neuwiesenstrasse 15
8401 Winterthur, Switzerland
Email: privacy [at] sulzer.com
What personal data do we collect?
Sulzer collects personal data of customers generally directly when using a Sulzer page, at events of Sulzer, or during direct communication via email, telephone or in any other way. However, in some cases, personal data can also be collected indirectly from other sources, e.g., debt registers, commercial and association registers, press, internet; or sources that are legitimately transferred within the Sulzer Group or from other third parties such as credit agencies, service providers, or derived from combining data sets.
According to applicable law and insofar as it is necessary for the purposes of processing, Sulzer processes personal data from the following “data subjects”:
- Business contacts and potential customers and suppliers and their respective employees
- Current and former customers and suppliers and their respective employees
- Distributors, agents and other intermediaries and their respective employees
- Financial community (for example, shareholders, brokers, analysts)
- Journalists
- Visitors of Sulzer facilities and locations
- Visitors and users of websites, social media channels and messenger services registered with Sulzer
i) Personal data and Contact Information: first and last name, contact details, address, residence, telephone number, email address, correspondence data, employer, shares owned, etc.;
ii) Data in connection with product and services marketing: information such as newsletter opt-ins and opt-outs, documents received, invitations to and participation at events and special activities, personal preferences and interests;
iii) Data in connection with the use of Sulzer pages: IP address and other identification (e.g. user name of social media, MAC address of smartphones or computers, cookies), date and time of visits, duration of visit, visited sites and contents, referring websites, etc.;
iv) Data of users of the Website who do not register with Sulzer but may constitute personal data for example with social media. The provisions of this policy regarding data collected from a customer in connection with the use of the Website shall apply accordingly, even though the identification of a visitor usually is not possible for Sulzer;
v) Data in connection with communication: such as preferred means of communication, correspondence and communication with Sulzer (including records of the communication), information regarding their function, information relating to the previous contact with these individuals, data regarding marketing activities (e.g. receipt of newsletters), information regarding business transactions, requests, offers, tenders, conditions and contracts, information related to professional or other interests of the individuals etc.;
vi) Data pertaining to orders and purchases: payment information, credit card details and other payment details, billing and shipping address, products and services ordered and purchased, information connected to queries, complaints and disagreements relating to products and services or respective contracts entered into such as warranty claims, rescission and disputes, etc.;
How do we use personal data (purposes of processing) and on what legal basis?
In accordance with applicable law, Sulzer processes personal data for the following purposes:
i) in connection with services offered, negotiation, conclusion and performance of contracts, maintenance and development of customer relations, communication, customer service and support, promotions, advertisement and marketing (including newsletters and mailing of promotional materials);
ii) management of the users of the Website and other activities in which customers participate, operation and enhancement of the Website (including the provision of functions which require identifiers or other personal data) and further IT systems, identity verification;
iii) protection of customers, employees and other individuals and protection of data, secrets and assets of and entrusted to Sulzer, safety of systems and premises of Sulzer;
iv) compliance with legal and regulatory requirements and internal rules of Sulzer, enforcement and exploitation of legal rights and claims, defense against legal claims, litigation, complaints, combating abusive conduct, engaging in legal investigations and proceedings and responding to inquiries of public authorities;
v) sale or acquisitions of business divisions, companies or parts of companies and other corporate transactions and the transfer of associated customer data;
In accordance with applicable data protection laws Sulzer may also process:
viii) data about visitors of the Website for the purpose of maintaining and developing the Website (including the provision of functions which require identifiers or other personal data), for statistical analysis about the use of the Website to improve the user journeys, and for combating abusive conduct. The data may also be processed for purposes of legal investigations or proceedings and for the response to inquiries of public authorities; and
ix) data about business contacts and potential customers for the purpose of entering into and performance of contracts and other business relationships, promotions, advertisement and marketing, communication, invitation to events and participation in promotions, organization of joint activities. The data may also be processed for purposes of compliance with legal and regulatory requirements and internal rules of Sulzer, enforcement and exploitation of legal rights and claims, defense against legal claims, litigation, complaints, combating abusive conduct, engaging in legal investigations and proceedings and responding to inquiries of public authorities, for the sale or acquisition of business units, companies or parts of companies and other corporate transactions and related transfers of the data.
All the purposes of processing shall apply to Sulzer as a whole, i.e. not only to the company which initially collected the personal data. Personal data of customers is collected for the purpose of all Sulzer companies.
Sulzer processes personal data to achieve the purpose of processing according to the following legal grounds:
i) performance of contracts with customers;
ii) compliance with legal obligations of Sulzer;
iii) consent of the customer (only insofar as the processing is based on a specific query and can be withdrawn at any time, namely the receipt of newsletters for which the client has registered);
iv) legitimate interests of Sulzer, especially:
- purchase and shipment of products and services, also in connection with individuals who are not direct contractual partners (such as individuals receiving a gift);
- carrying out advertisement and marketing activities;
- efficient and effective customer support, maintenance of contact and other communication with customers outside of the processing of contracts;
- understanding customer behavior, activities, concerns and needs, market studies;
- efficient and effective improvement of existing products and services and development of new products and services;
- efficient and effective protection of customers, employees and other individuals as well as protection of data, secrets and assets of or entrusted to Sulzer, safety of systems and premises of Sulzer;
- maintenance and secure, efficient and effective organization of business operations including a secure, efficient and effective operation and successful further development of the Website and other IT systems;
- reasonable corporate governance and development;
- successful sale and acquisition of business units, companies or parts of companies and other corporate transactions;
- compliance with legal and regulatory requirements and internal rules of Sulzer; and
- concerns regarding the prevention of fraud, offences and crimes as well as investigation in connection with such offences and other improper conduct, handling of claims and actions against Sulzer, cooperation in legal proceedings and with public authorities as well as the prosecution, exercise of and defense against legal actions.
Who can access personal data and where do we transfer the data?
Sulzer may transfer personal data to the following recipients who shall process the data in accordance with the purpose of processing and on behalf of Sulzer or for their own purposes:
i) Sulzer employees authorized to process employee-related personal data on a need-to-know basis;
ii) service providers (within Sulzer or externally) including data processors;
iii) dealers, suppliers and other business partners;
iv) customers of Sulzer;
v) local, national and foreign authorities;
vi) acquirers and prospective acquirers of business divisions, companies and other parts of Sulzer;
vii) other parties in potential or actual legal proceedings;
viii) other companies of Sulzer
Sulzer may disclose personal data within Sulzer as well as to third parties in every country worldwide, generally to the countries in which Sulzer is represented by companies, affiliates or other offices and representatives as well as to countries in which service providers of Sulzer process their data. As a general rule, personal data is stored within the EU and Switzerland. If data is disclosed to or stored in countries that do not guarantee adequate protection, Sulzer will warrant adequate protection of the data in accordance with applicable data privacy laws and by putting adequate contractual guarantees in place. Examples are EU standard contractual clauses, binding corporate rules, or basing the transfer on the exceptions of consent, conclusion or performance of contract, the determination, exercise or enforcement of legal claims, overriding public interests, or disclosing the data in order to protect the integrity of these individuals. The customer can obtain a copy of the contractual guarantees from or will be advised where to obtain such copies by the contact person named above. Sulzer reserves the right to redact such copies for reasons of data protection or secrecy reasons.
How long do we store personal data?
As a general rule, Sulzer retains personal data as long as the contractual or relation with the customer is ongoing and for ten years after the termination of the contractual relationship. A longer statutory storage obligation may apply on a case-by-case basis or as required for reasons of proof or another valid reason, or the deletion of the data may be required earlier (because the data is no longer required, or because Sulzer is required to delete the respective data).
For operational data containing personal data (e.g. protocols, logs), the retention period depends on the reasonable need for processing. Business records, including communications, will be retained as long as Sulzer has an interest in them (for reasons of proof in case of claims, documentation of compliance with certain legal or other requirements, an interest in non-personalized analysis) or is obligated to do so (by way of contract, law or other provisions). Deviating legal obligations are reserved for anonymized or pseudonymized data.
Do we use automated decision making?
Sulzer does not generally use any automated decision making or profiling pursuant to Article 22 of the GDPR. Should Sulzer make such automated decisions, the affected individuals will be informed subsequently or separately in advance in accordance with applicable law.
Which rights do customers have concerning their data?
Any affected person, including any customer, visitor and business contact, may request information from Sulzer as to whether data concerning them is being processed. In addition, they have the right to request the correction, destruction or restriction of personal data regarding them as well as to object to the processing of personal data. Should the processing of personal data be based on consent, the affected person may withdraw consent at any time. Such withdrawal does not have retroactive effect. Sulzer reserves the right to base the processing of personal data on one or more different legal grounds. In countries of the EU and EEA, the affected individual may, in certain cases, have the right to obtain data generated during the use of online services in a structured, common and machine-readable format which allows for further use and transfer (data portability). Sulzer reserves the right to restrict the rights of the affected individual in accordance with applicable law and e.g. not to disclose comprehensive information or not to delete data.
Any affected person with a complaint about the processing of their personal data may put forward the matter to Sulzer’s Global Data Protection Officer or raise a complaint with the competent data protection authority, which in the case of a Sulzer controller in Switzerland is the Federal Data Protection and Information Commissioner in Switzerland (http://www.edoeb.admin.ch).
Additional information for specific forms of processing
Sulzer.com website
Provisions regarding the Sulzer.com website can be found in the Privacy and cookie policy and in the Terms of use of the Sulzer website.
Newsletters
Sulzer may send newsletters, e-mails or other commercial communications in connection with its products and services to customers and business partners. The respective customers and business partners have a right to object to a further mailing of newsletters or other commercial communications at any time through their account on the respective Website or through the link indicated in every mailing. The termination of one newsletter may not entail the termination of other newsletters. Sulzer may install coding in newsletters and other marketing emails, which allows it to determine if the recipient has opened an email or downloaded pictures and/or clicked on links contained in the email. The recipient may block this application in his/her email application.
This privacy policy is effective as of March 11, 2020. Sulzer is entitled to amend this Privacy Policy at any time and without prior notice or announcement. The latest version according to Sulzer.com is applicable. Should the privacy policy form part of an agreement with customers, Sulzer may inform them of an update or amendments by email or in another appropriate manner. The amendments shall be deemed to have been accepted unless an objection is raised within 30 days of notification. In case of objection, Sulzer shall be free to terminate the agreement exceptionally and with immediate effect.