data by Komatsu Europe International NV, a corporation existing under
the laws of Belgium, with registered office at 1800 Vilvoorde, Belgium,
Mechelsesteenweg 586, registered in Brussels under number RPR/CER
(0)404.968.268 (together with the other Komatsu subsidiaries in the EEA
referred to as : “Komatsu” or “we”)
when you have a meeting with us in of our premises or another place. In
is not limited to, our/your buildings, our/your offices, our/your sites
and/or machines, etc. A “meeting” includes, but is not
limited to, a visit to one of our/your premises, a training,
appointment, fair or event organised by us or where we are present,
etc., regardless whether the meeting takes place at our premises, your
premises or at another place and regardless whether the meeting is
physical or virtual.
For any questions with regard to the processing of your personal data,
you can contact us via e-mail at PrivacyOffice@komatsu.eu.
1. In general
1.1 When we process personal data of yours, Komatsu will be the data
controller of that processing activity. Our contact details are the
accordance with the terms defined in the EU General Data Protection
Regulation (GDPR) (Regulation 2016/679 of 27 April 2016 on the
protection of natural persons with regard to the processing of personal
data and on the free movement of such data, and repealing Directive
regulations also includes any change, replacement or annulment of these
laws or regulations, including any related executive decisions.
1.4 We reserve the right to from time to time modify this General
communicated via an appropriate way.
2. Types of personal data we process
2.1 When we have a meeting with you, we collect the following
personal data about you:
your contact details, such as your name, e-mail
address and phone number;
information about the time you enter our building
or have a meeting with us;
information about your location;
your license plate;
the name and contact details of the company or organisation for which you work and your job title or function
- information about your preferences and consumption in terms of food and drinks.
2.2 When we want to contact you after a meeting at a fair or event, we
also process the following information about you:
information regarding your CV;
information about your professional competences and experience
2.3 When you participate in a training course, we also process the
following data about you:
information about your professional competences and experience;
information about the training or meeting itself.
2.4 When you want us to arrange your stay in a hotel in the context of
your meeting, we will also process the following information:
such as your flight hours, the location of the hotel, the time of
the stay and type hotel.
2.5 Normally, we do not process any sensitive data
about you. However, should it be relevant to process your health data within the framework of your meeting,
for example because you are disabled and we have to take this into
account during the meeting, for instance to make your visit to one
of our premises run smoothly or if we provide food in the context
of a meeting and you are allergic to something, we will ask your
explicit consent before we process this data.
3. Purposes for which we process your personal data
We process your personal data:
3.1 To safeguard the security of, and access to, the premises.
3.2 For safety reasons in the context of, for example, an evacuation.
3.3 To inform persons with whom you have a meeting that you arrived.
3.4 To make it possible to contact you in response or as a follow-up to our meeting.
3.5 To manage our participants lists, for instance when you participate a training course or a visit.
3.6 To arrange your stay.
3.7 To plan and organise the meeting.
3.8 To be able to defend us in judicial or other proceedings, if necessary.
3.9 To inform a third party and its advisors in the context of a
possible merger with, acquisition by/of, demerger by, or other
share or asset purchase deal with that third party, also if that
third party is located outside the European Union.
3.10 To comply with our legal obligations or with any request from
law enforcement agents or representatives, judicial authorities,
governmental agencies or bodies, including data protection
4. Legal basis for processing your personal data
4.1 Processing of your personal data for the purposes outlined in
Article 3.1 of this Policy is necessary to pursue our legitimate
interest, namely to safeguard security.
4.2 Processing of your personal data for the purposes outlined in
Article 3.2 of this Policy is necessary to pursue our legitimate
interest, namely to safeguard safety.
4.3 Processing of your personal data for the purposes outlined in
Article 3.3 of this Policy is necessary to pursue our legitimate
interest, namely to inform people with whom you have a meeting.
4.4 Processing of your personal data for the purposes outlined in
Article 3.4 of this Policy is necessary to pursue our legitimate
interest, namely to be able to contact you.
4.5 Processing of your personal data for the purposes outlined in
Article 3.5 of this Policy is necessary to pursue our legitimate
interest, namely to manage our participant lists.
4.6 Processing of your personal data for the purposes outlined in
Article 3.6 of this Policy is necessary to pursue our legitimate
interest, namely to plan and organise the meeting.
4.7 Processing of your personal data for the purposes outlined in
Article 3.7 of this Policy is necessary to pursue our legitimate
interest, namely to arrange your stay.
4.8 Processing of your personal data for the purposes outlined in
Article 3.8 of this Policy is necessary to pursue our legitimate
interest, namely to be able to defend ourselves in case of a dispute.
4.9 Processing of your personal data for the purposes outlined in
Article 3.9 of this Policy is necessary to pursue our legitimate
interest, namely to be able to explore or conduct normal corporate or
4.10 Processing of your personal data for the purpose outlined in Article
3.10 is necessary to allow us to comply with our legal obligations.
4.11 If we process any health data of yours for one of the purposes
outlined in Article 3 that include personal data as described in Article
2.5, we will ask for your consent.
5. Retention period
5.1 As a general principle, we keep your personal data no longer as to
achieve the purposes described in Article 3 or up until such time where you
withdraw your consent for processing the data. We would like to emphasize
that we provide the necessary appropriate safeguards for the security and
integrity of your personal data.
5.2 If the personal data are no longer required, we will delete these in a
6. To whom we send your personal data
6.1 We may rely on third-party processors (such as security companies) to
process your personal data on our behalf. These third-party processors are
only allowed to process your personal data on our behalf and upon our
explicit written instructions.
6.2 We share your personal data with other entities within our group where
necessary. We ensure that all companies of our group will take due care
that all processing of your personal data is in line with what is set out
7. Location and transfer
7.1 We process your personal data first and foremost within the European
Economic Area (EEA). However, we may also exceptionally transfer your
personal data to other companies of our group or to third parties who
process on our behalf that are established outside the EEA. If such
transfer takes place, we will ensure that there are safeguards in place to
ensure the safety and integrity of your data as well as all rights with
respect to your personal data you have under applicable mandatory law.
7.2 Each such company of our group or third party established outside the
EEA that processes your personal data will be bound to observe adequate
safeguards in order to ensure the safety and integrity of your data. Such
safeguards will be the consequence of:
- The country of the recipient having legislation in place which is
considered equivalent to the protection offered within the EEA; or
- A contractual arrangement between us and that entity. All companies of
our group are parties to a contractual agreement based on the European
Commission’s Standard Contractual Articles (controller-to-controller)
(Commission Decision C(2004)5721).
8. Quality assurances
8.1 We consider your personal data confidential and treat these as such.
8.2 We will take appropriate technical and organizational measures to keep
your personal data safe from unauthorized access or theft as well as
accidental loss, tampering or destruction. Access by our personnel or
processors will occur on a need-to-know basis only and will be subject to
confidentiality obligations. You acknowledge, however, that safety and
security are best-efforts obligations which can never be guaranteed.
8.3 Despite strong security measures, infringements can never be completely
ruled out. If a breach of security or confidentiality of your personal data
occurs and this breach also poses a high risk to your rights and freedoms,
we will notify you of this breach as soon as possible.
9. Your rights
9.1 You have the right to request access to all personal data pertaining to
you that we process. We reserve the right to charge an administrative fee
for multiple subsequent requests for access that are clearly submitted for
the purpose of causing nuisance or harm to us. Each request has to specify
for which processing activity you wish to exercise your right of access and
which data categories you wish to gain access to.
9.2 You have the right to request that any personal data pertaining to you
that are inaccurate, be corrected free of charge. If you submit a request
for correction, such request has to be accompanied by proof of the flawed
nature of the data for which correction is asked.
9.3 You have the right to withdraw your earlier-given consent for the
processing of your personal data.
9.4 You have the right to request that personal data pertaining to you be
deleted if these data are no longer required in the light of the purposes
outlined in Article 3 or if you withdraw your consent for processing the
data. However, we will evaluate a request for deletion against:
- overriding interests of Komatsu, another company of our group or any
other third party; or
- any legal or regulatory obligations or administrative or judicial orders
which may contradict such deletion.
Instead of deletion you can also ask that we limit the processing of your
personal data if:
you contest the accuracy of the data;
the processing is illegitimate; or
· the data are no longer needed for the purposes mentioned in Article 3.
9.5 You have the right to object the processing of personal data, unless we
demonstrate compelling legitimate grounds for the processing which override
your interests, rights and freedoms or for the establishment, exercise or
defence of legal claims.
9.6 You have the right to receive from us in a structured, commonly-used
and machine-readable format all personal data you have provided to us where
the processing is based on your consent or the necessity of the performance
of an agreement with you and if the processing is carried out by automated
9.7 If you wish to submit a request to exercise one or more of the rights
mentioned above, you can send us a letter or an e-mail to PrivacyOffice@komatsu.eu. A
request to exercise a right will not be construed as consent with the
processing of your personal data beyond what is required for handling your
request. Any request has to clearly state which right you wish to exercise
and the reasons for it if such is required. It should also be dated and
signed, and accompanied by a digitally-scanned copy of your valid identity
card proving your identity.
We will promptly inform you of having received this request. If the request
proves valid, we will honour it as soon as reasonably possible and at the
latest thirty (30) days after having received the request.
If you have any complaint regarding our processing of your personal data,
please feel free to contact us via e-mail at PrivacyOffice@komatsu.eu. You
also have the right to file a complaint with the competent data protection