Data protection declaration
Our company gives high priority to the protection and security of personal data. The stipulations set out in the following are intended as information to our business partners when, against the background of the prevention of bribery and corruption, their personal data is processed in accordance with the requirements of the General Data Protection Regulation of the European Union (EU-GDPR). The full text of the General Data Protection Regulation of the European Union is available in the Internet under the following link: http://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX%3A 32016R0679. If you have any further questions regarding the EU-GDPR, please do not hesitate to contact the Data Privacy Officer at any time.
1. Data controller:
Woodward L'Orange GmbH
70435 Stuttgart (Zuffenhausen)
Telefon: + 49 711 82609-0
Telefax: + 49 711 82609-61
Executive Board: Dr. Andreas Lingens
Registry Court: Amtsgericht Stuttgart
Register number: HRB 8012
2. Supervisory authority:
Baden-Württemberg State Office for Data Protection and Freedom of Information
Königstraße 10A, 70173 Stuttgart
Tel. 0711 6155410;
E-mail: poststellelfd.bwl.de; www.baden-wuerttemberg.datenschutz.de
3. Data Privacy Officer:
DPN Datenschutz GmbH & Co. KG
4. Rights of data subjects
As a person whom the processing of the data concerns, you have the following rights (data subject rights) pursuant to EU-GDPR:
4.1 Right of information:
You have the right to request information on whether the company processes data relating to your person or not. If your personal data is indeed being processed, you have the following rights:
You furthermore have the right to know whether your personal data has been used for the purpose of making an automated decision pursuant to Art. 22 EU-GDPR and, if this is the case, to know the criteria on which the automated decision was based and the possible consequences and implications of that decision for yourself.
If personal data is transmitted to a third country outside the jurisdiction of the EU-GDPR, you have right of access to information on whether adequate data protection pursuant to Art. 45 and 46 of the EU-GDPR is being provided by the data recipient in the third country, and, if so, on the basis of which guarantees.
You have the right to request a copy of your personal data. The company shall provide data copies in electronic format unless you specify otherwise. The first copy is free-of-charge. For further copies, a reasonable fee may be charged. Provision of the data is subject to any rights and freedoms of other persons who may be affected by its transfer.
4.2 Right to data correction:
You have the right to request that the company corrects your data insofar as it is incorrect, inaccurate and/or inadequate. The right to correct includes the right to have the data completed by further explanations or statements. Correction and/or completion must take place immediately i.e. without culpable delay.
4.3 Right to erasure of personal data:
You have the right to request that we erase your personal data insofar as:
The right to erasure of personal data does not obtain insofar as:
Erasure must take place immediately i.e. without culpable delay. In the event that personal data is placed by the company in the public domain (e.g. in the Internet), the company is responsible for ensuring inasfar as reasonable and technically feasible that third-party data controllers are also informed of the demand for erasure, including the erasure of links, copies or replicates.
4.4 Right to restrict data processing
You have the right to have processing of your personal data restricted in the following cases:
Personal data whose processing is being restricted at your request may only – apart from being stored – be processed as follows:
4.5 Right to data portability
You have the right – on condition of the provisions set out below – to request that the data that concerns you be submitted in a commonly used electronic and machine-readable format. The right to data transfer includes the right to transmit the data to another controller. The company will therefore – at your request and as far as technically possible – transmit the data directly to a controller named or to be named by you. The right to data transfer only applies to data provided by you and is subject to the condition that the data was provided at your consent and is to be processed for performing a contract and that data transfer will take place using automated means. The right to data portability pursuant to Art. 20 EU-GDPR does not affect the right to data erasure pursuant to Art. 17 EU-GDPR. Data transfer is subject to the rights and freedoms of other persons in cases where these rights could be affected by transmission of the data.
4.6 Right to object to specific intentions in data processing
When personal data is processed for the performance of a task carried out in the public interest (Art. 6 Par. 1 Point e) EU-GDPR) or for legitimate interests (Art. 6 Par. 1 Point f) EU-GDPR) you may object at any time to the data concerning yourself being processed, with future effect. In the event of an objection, we must refrain from any further processing of your data for the above purposes unless:
You may object to the use of your data for direct marketing purposes at any time, with future effect. This also applies to profiling insofar as it is related to such direct marketing. In the event of an objection the company must refrain from any further processing of your data for the purpose of direct marketing.
4.7 Prohibition of automated decision-making/profiling (insofar as relevant)
Decisions which have legal implications for you or otherwise significantly affect you must not be taken solely on the basis of the automated processing of personal data – including profiling. This shall not apply to the extent that the automated decision:
4.8 Exercising of data subject rights
To exercise data subject rights, contact the office named under 3. Inquiries submitted in electronic format will, as a rule, be answered in electronic format, unless otherwise specified in your inquiry. The provision of information and notifications and the taking of action pursuant to EU-GDPR, including the exercising of data subject rights, will, in principle, be free-of-charge. Only in the event of requests that are manifestly unfounded or excessive will the company be entitled to charge a reasonable fee for processing, or to refrain from taking action (Art. 12 Par. 5 EU-GDPR). In the case of justified doubt with respect to your identity, the company is entitled to request additional information from you – as far as is necessary – for the purpose of identification. If identification is not possible for the company, it shall be entitled to refuse to process your inquiry. The company shall – as far as possible – notify you separately if it is not in a position to make identification (Art. 12 Par. 6, Art. 11 EU-GDPR). Information requests are usually processed immediately, within one month of receipt. This period may be extended for another two months as necessary in respect of complexity and/or the number of inquiries received. The company shall inform you of the extension of the time limit within a month of receipt of your inquiry, stating the reasons for the delay. Should the company fail to act in response to an inquiry, it shall inform you thereof immediately, within one month of receiving your inquiry, stating the reasons and shall also inform you of the possibility of lodging a complaint with a supervisory authority or of seeking legal redress (Art. 12 Par. 3 and Par. 4 EU-GDPR). Please note that you may only exercise your data subject rights within the scope of any limits and restrictions imposed by the European Union or its member states.
4.9 Obligation to inform third parties
Should the company have disclosed personal data to other offices or recipients, it is obliged, insofar as technically possible and reasonable, to inform them of any correction, erasure and/or restriction on processing of the said data. The company shall inform you of such data recipients on request (see 4. above).
4.10 Management of data protection infringements
The company shall notify you immediately of data protection infringements that could put your personal rights and freedoms seriously at risk. However, notification might not be made in cases applicable to Art. 34 Par. 3 EU-GDPR. Notification shall particularly contain the following information:
4.11 Legal protection
In the event of objections you are entitled at all times to contact the relevant supervisory authority in the European Union or member states. The supervisory authority mentioned under 2. is responsible for our company. For reasons of space, further clauses and provisions which usually form a standard part of data protection regulations and/or works agreements have not been included here.
5. Purpose of data processing
To combat corruption and bribery, the Company has created the conditions for staff to act in a legally compliant way. These conditions also contain an element of surveillance. Gifts or hospitality granted or received must be documented in the IT-based reporting tool in accordance with internal company directives.
The following data are processed:
The source of the data is internal data banks where the data of our business partners has been stored for the purpose of executing contracts.
The aim is monitoring as an integral part of the Compliance Management System to ensure that Woodward L'Orange staff on the one hand and business partners on the other are complying with the specifications and value limits contained in the internal directives on compliance. With this Tool, it is possible to bring to light any infringement of internal rules of conduct. This monitoring function can also be performed by the internal auditing section.
Apart from helping to prevent breaches of duty, the Tool also enables compliant conduct to be documented and the required supervisory measures to be implemented within Woodward L'Orange. To this extent, the Compliance Online Tool can be seen as necessary for the prevention of bribery and corruption.
6. Legal basis for data processing
In the case of the data of business partners, a legitimate interest in the sense of Art. 6 Par. 1 Point f) of the EU-GDPR exists. A legitimate interest in processing the personal data of business partners in the scope that is absolutely necessary to prevent corruption, bribery, breaches of trust and fraud, exists.
7. Possible recipients or recipient categories
Recipients of personal data are staff from Ethics & Compliance.
8. Data processing in a third country outside the jurisdiction of the EU-GDPR
Depending on the location of Woodward L'Orange subsidiary, data will also be collected in third countries outside the jurisdiction of the EU-GDPR.
9. Information on period of retention
Personal data is to be erased from software if it is no longer needed. The retention period for data sets is five years. The retention period begins at the end of the year in which G+H was either given or received. When the retention period comes to an end, the data is to be kept in anonymized form (name, first name of employees, line managers, business partners) for a period of two years to enable it to be used for statistical purposes. On expiry of this period, the data is then to be erased.
Exceptions to this rule are data sets that upon random examination reveal concrete evidence that a criminal offense has been committed or a directive infringed, thereby necessitating further investigation. These data sets are to be archived separately until the end of the investigation. On completion of the investigation, processing of the data sets shall be restricted for a period of two years. In the event of follow-up investigations, the processing restrictions may be lifted and the data sets processed as appropriate. If two years pass without the introduction of a follow-up investigation, the data sets are to be erased.
Personal data can be erased at the personal request of the business partner concerned insofar as this does not affect the legitimate interests of the company.
Cookies are small data files which are stored temporarily (2 years if they are not deleted) on your hard disk. This simplifies navigation and increases the user-friendliness of a website. Cookies can be used to determine whether any communication has already been sent from your computer to our sites. Cookies make it possible to identify your computer but they cannot establish any link to a particular person.
11. Communication by email
Communication by email can involve security gaps. Expert Internet users may be capable of intercepting, reading or even altering emails on their way from or to Woodward L'Orange. If we receive an email from you, we assume that we have the right to reply by email. If this is not the case, you must expressly indicate this and designate an alternative means of communication.
12. Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as: Google). Google Analytics uses various technologies, including so-called cookies that are stored on your computer and allow an analysis of the use of this website by its visitors. The information obtained by Google Analytics regarding your use of this website will be transferred to Google servers which may be located in countries outside of the member countries of the European Union and may also be outside of the signatories of the agreements regarding the European Economic Area. Your IP address will be anonymised by Google through the activation of the IP anonymisation within the Google Analytics tracking code on this internet page prior to transferring. This website uses a Google Analytics tracking code that has been expanded by the operator gat._anonymiselp() in order to ensure that IP addresses can only be stored anonymously (so-called IP masking). On behalf of the operator of this website, Google will use this information in order to evaluate your visit to this internet page, compile reports about the website activities and provide additional services related to the website usage and the internet usage to the website operator. The IP address transferred from your browser by Google Analytics will not be combined with other Google data. You can prevent the storing of Google cookies via corresponding configurations of your browser software. However, we expressly inform you that in this case you may not be able to use all functions of this website to their full extent. You can prevent the recording of your data by Google Analytics by clicking on the following link. This will activate an opt-out cookie that prevents the recording of your data when visiting this website in the future: Deactivate Google Analytics. You can find the security and data protection guidelines of Google Analytics at: https://support.google.com/analytics/answer/6004245?hl=en.
13. Opt-out cookie
You can prevent the recording of your data by Google Analytics by clicking on the following link. This will activate an opt-out cookie that prevents the recording of your data when visiting this website in the future: Deactivate Google Analytics.