|Continental Aktiengesellschaft, Vahrenwalder Straße 9, D-30165 Hannover, processes your data within the scope of using the Continental AP Vendor Portal in accordance with the applicable statutory provisions.
1. General Information
Personal data that you enter will be processed by Continental AG for the purpose(s) stated below. Insofar it is necessary for the fulfilment of the purpose, the data may also be transferred to third parties affiliated with Continental AG within the meaning of §§ 15 ff. (German) Stock Corporation Act and in accordance with the Binding Corporate Rules of Continental.
“Personal data“ Art. 4 No 1 EU GDPR
Means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing“ Art 4 No 2 EU GDPR
Means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Pseudonymization“ Art 4 No 5 EU GDPR
Means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
“Controller“ Art 4 No 7 EU GDPR
Means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law
Vahrenwalder Straße 9, D-30165 Hannover
1.3 Purpose and legal basis for the processing of personal data
Your data will be processed exclusively on the basis of the following data protection regulations (legal basis):
|Data Processing (Purpose)
||Duration of Storage
|Contact / Interaction with Continental
(e.g. contact form, etc.)
|Art. 6 para. 1 lit. a) EU GDPR (consent)
Art. 6 para. 1 lit. b) EU GDPR (performance of contract)
Art. 6 para. 1 lit. c) EU GDPR (legal obligation)
|Your data will be processed with your consent until revocation, otherwise deleted after final processing of your request, provided that there are no legal storage obligations to the contrary. We assume final processing if it can be deduced from the circumstances that the matter in question has been conclusively clarified.
Registration to the Vendor Portal and sending of log in details
The following personal data is processed for the account creation:
• Company email address
• Initial password
Art. 6 para. 1 lit. c) EU GDPR (legal obligation)
Art. 6 para. 1 lit. f) EU GDPR
Offering a service portal for customer to facilitate the access to invoices and other payment information
|We will only retain your Data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
1.4 Art. 22 GDPR
An automated decision in individual cases, including profiling, does not take place.
Your personal data will be transferred to the following data recipients (within Continental):
1. Continental Automotive Technologies GmbH
2. Continental Reifen Deutschland GmbH
3. ContiTech Aktiengesellschaft
To ensure the above-mentioned data processing, we transmit data to the following service providers (hereinafter referred to as SERVICES):
4. Continental Automotive Systems, Inc., 21700 Melrose Ave. Southfield, MI 48075 USA
Continental Automotive Systems, Inc. will collect and process your personal data on our behalf on the basis of EU standard contractual clauses and the Binding Corporate Rules of Continental (based on an adequate data processing agreement). For further details on EU standard contractual clauses, see Standard Contractual Clauses (SCC) | European Commission (europa.eu).
2. Protection of stored Data
Our company and our Service Provider use technical and organizational security measures to protect the personal data you provide to us from manipulation, loss, destruction or access by unauthorized persons. The security measures are continuously improved and adapted according to the state of the art. Unencrypted data can possibly be viewed by third parties. For this reason, we would like to point out that no secure transmission can be guaranteed with regard to data transmission via the Internet (e.g. when communicating by unencrypted e-mail). Sensitive data should therefore either not be transmitted at all or only via a secure connection (SSL). You can determine the SSL status of the connection by looking at the address line of your browser ("https").
When you visit our website / web app, information is stored on your computer/device in the form of a so-called cookie (small text files). Technically necessary cookies are only used to ensure the operation of the website.
Our website uses session cookies to store user settings and enhance your experience (UseCookies, _RequestVerification, ASP.Net_SessionId).
Furthermore, you can also set the acceptance of cookies via your browser settings. However, please note that in this case you may not be able to use all functions of this website / web app to their full extent.
4. Your Rights in Relation to Your Data
Once you have provided your Data, you have several rights, which you can exercise free of charge, subject to statutory exceptions. These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law to keep.
To exercise any of your rights, please contact us by mail at: firstname.lastname@example.org
4.1 What We May Need From You
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
4.2 Time Limit to Respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
4.3 Right to Access and Rectify Your Data
You have the right to access, review, and rectify your Data. You may be entitled to ask us for a copy of your information, to review or correct it.
You can request information as to whether your personal data is being processed. If this is the case, you can request further information, in particular on the purposes of the processing, the categories of personal data processed, the recipients, the storage period or, if this is not possible, the criteria for determining the duration, as well as further information.
You may request a copy of your personal data, which will be provided to you in a commonly used electronic format in the event of a request by e-mail, provided that this does not adversely affect the rights or freedoms of other persons.
You can contact us by e-mail at: email@example.com
Request correction: This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
4.4 Right to Erasure
In addition, it is possible to process your personal data for another purpose in compliance with the statutory provisions. For example: assertion or defense against legal claims. This purpose exists only as long as the limitation periods allow the assertion of legal claims.
4.5 Request Restriction of Processing
This enables you to ask us to suspend the processing of your personal data in the following scenarios:
1. If you want us to establish the data's accuracy.
2. Where our use of the data is unlawful but you do not want us to erase it.
3. Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
4. You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
In the event of restriction, your personal data may only be stored and, in particular, processed only with your consent or for the purpose of asserting or exercising as well as defending against legal claims.
4.6 Right to Object to the Processing
Under certain circumstances you may object to the processing of your Data, where we are relying on a legitimate interest (or those of a third party) according to Art. 6 para 1 lit. f GDPR and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
You can contact us by e-mail at: firstname.lastname@example.org
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority in accordance with Article 77 of the GDPR if you believe that your rights under this Regulation have been infringed as a result of the processing of your personal data in breach of this Regulation.
We would, however, welcome the opportunity to deal with your concerns in the first instance, and will work towards addressing any issues or complaints that you may have.
6. Obligations to Provide Personal Data
You are not legally or contractually obliged to provide your personal data.
7. Policy Updates