As at: 01.07.2021
In the following Data Privacy Statement, CLAAS KGaA mbH ("CLAAS") provides information about how your personal data is processed on this website.
A. General Data Privacy Statement
I. Controller's name and contact details
The controller is:
CLAAS KGaA mbH
II. Contact details of the data protection officer
The group's data protection officer can be contacted as follows: CLAAS KGaA mbH
Data Protection Officer
III. Storage period
CLAAS stores your personal data only for as long as necessary in order to fulfil the purpose for which it is collected and processed. Where necessary, CLAAS shall store your data for the duration of the business relationship. This includes, but is not limited to, the initiation and execution of the contract.
Furthermore, CLAAS stores your personal data if and as long as this is required to fulfil contractual or legal obligations. We thus process your data to fulfil commercial or fiscal verification and retention obligations. The stipulated retention and documentation periods are six years in accordance with the commercial requirements under Section 257 of the German Commercial Code (HGB) and up to ten years under the fiscal requirements pursuant to Section 147 of the Fiscal Code of Germany (AO), provided the data is no longer required for tax purposes (e.g. because a company audit is ongoing). The periods start at the end of the calendar year in which the record was created.
If the data is no longer required to fulfil contractual or legal obligations, it will be regularly erased, unless you have given CLAAS consent to process your data and/or further processing is required based on CLAAS' legitimate interests, for example to win back customers and defend against legal claims in legal disputes. In the case of data processed to defend against legal claims in legal disputes, the storage period shall also be based on the legal limitation periods. In accordance with Sections 195 et seq. of the German Civil Code (Bürgerliches Gesetzbuch, BGB), these are up to 30 years, with the regular limitation period lasting three years, starting at the end of the calendar year in which the claim arises. In this case, processing shall be limited, i.e. limited to the minimum scope required for the claim and blocked for other purposes.
The provision above does not apply insofar as the Separate Data Privacy Statement specifies otherwise.
IV. Categories of recipients
- Carefully selected service providers. Service providers we engage, who support us in the performance of the business relationship, are granted access to the data. These companies operate in the following categories: Hosting providers, data management, software as a service, e-mail services, IT services (e.g. maintenance and support, data migration), consulting, service providers in the first, second and third level support, call centre services, customer administration, lettershops, marketing, media technology, telecommunications, customer relations management and lead management, tracking service providers, web agencies, compliance, disposal services (e.g. document shredders), companies who perform analyses for us, financial service providers, shipping and logistics services, printing services, technology service providers (e.g. for hardware and accessory parts). If any additional categories of service providers are employed, please refer to the relevant Separate Data Privacy Statement.
- Transfer to third parties. We shall also transfer your data to third parties if this is permitted by legal or contractual provisions and/or you have given your consent. On this condition, the data can be transferred to the following categories of recipients: Public bodies and institutions (such as the public prosecutor's office, police, tax authority, data protection supervisory authority) to process official requests, provided that this is in your interest or we are legally obligated to do so. The legal basis for this is Article 6(1f) or 6(1c) GDPR.
- Data transfer within the CLAAS Group. We shall transfer your data to other companies within the CLAAS Group or grant them access to your data. Insofar as this is required for administrative purposes, this shall be based on our legitimate interest in internal administrative purposes and group reporting. The legal basis for this is Article 6(1f) GDPR. If this is required to prepare for an agreement initiated by you or to fulfil contract-related obligations, or if you have given your consent, the legal basis is Article 6(1b) or 6(1a) GDPR. If we are legally entitled to do this, the legal basis arises from Article 6(1c) GDPR. We refer to the Separate Data Privacy Statement for any data transfer to third parties beyond the scope described here.
- Third parties with whom we have an ongoing business relationship. If this is required to prepare for an agreement or to fulfil contract-related obligations, or if you have given your consent, the legal basis is Article 6(1b) or 6(1a) GDPR. If we are legally required to do this, the legal basis arises from Article 6(1c) GDPR.
V. Transfer to third countries
If we transfer your personal data ourselves or via service providers to countries based outside the European Union, we shall comply with the relevant particular requirements of Article 44 et seq. GDPR and our service providers shall also undertake to comply with these regulations. We shall therefore only transfer your data to countries based outside the European Union subject to the level of security guaranteed by the GDPR. This level of security is guaranteed in particular on the basis of an adequacy decision by the European Commission or with suitable guarantees in accordance with Article 46 GDPR.
Data is transferred to third countries (countries outside the EU or the European Economic Area – EEA) if, for example, this
- is required to fulfil a contract to which you are a contractual party or if this is required to respond to your requests;
- is required to safeguard our legitimate interests;
- is stipulated by law or you have given your consent;
- takes place as part of contract processing when involving service providers.
If there is no European Commission decision for the country in question as to a level of data protection that is appropriate for European data protection requirements, we shall enter into corresponding contracts to ensure that your rights and freedoms are suitably protected. An agreement of this kind ensures that a suitable level of data protection exists at the data recipient, especially with the agreement on the European Union's standard contractual clauses with the recipient. Otherwise, we can also perform a data transfer based on your express consent. You can withdraw your consent with future effect at any time, see Section A.VII. We will be happy to provide you with more detailed information free of charge on request. Please use the aforementioned contact details for this purpose.
Where we permit the recipient to process data without a suitable level of data protection based on your consent alone, please note the following risks: There may not be sufficient measures in place to protect your personal data appropriately; there is no data protection supervisory authority; the implementation of your data protection rights of the data subject is impeded or has been disregarded; there is no control over the further processing of data by and transmission of data to third parties.
Any further information required can be found in our Separate Data Privacy Statement.
VI. Obligation to provide personal data
Unless specified otherwise in the Separate Data Privacy Statement, you are not legally or contractually required to provide your data.
VII. Rights of the data subject
In accordance with Article 15 GDPR, you have the right to obtain information about the data that we hold that relates to you. If incorrect personal data has been processed, you have the right to rectification of your data in accordance with Article 16 GDPR. If the legal requirements apply, you can request erasure or restriction of processing and submit an objection to data processing (Articles 17, 18 and 21 GDPR). In accordance with Article 20 GDPR, you can exercise the right to data portability for data that is automatically processed on the basis of your consent or under a contract.