Privacy policy for suppliers
Suppliers
This privacy statement explains how your personal data is used by SWISS KRONO and what rights and options you have in this regard.
It applies to all personal data either provided by you to SWISS KRONO or obtained from this data.
For information on how we use the data obtained through cookies or other web-tracking or analysis technologies, please read our Cookie Policy.
1. Who is responsible for your personal data
We at SWISS KRONO AG are responsible for all personal data that you provide to us as part of our business relationship.
2. Categories of personal data collected by us
We collect and process personal data that falls under the following categories in particular:
3. What we use your personal data for
We will only use your personal data for the following purposes (the “permitted purposes”):
Your personal data may also be used for the following purposes insofar as you have provided your express consent:
We will not use your personal data to make automated decisions that affect you or to create profiles other than those described above.
The legal basis for processing your personal data is set out in Article 6 of GDPR and in Article 6 and Article 31 nDPA.
Depending on which of the above purposes we use your personal data for, we are required to process it in order to fulfil a contract or other business agreement with SWISS KRONO, to comply with our legal obligations, or to pursue our legitimate interests. This is always provided that your interests or fundamental rights and freedoms do not prevail over these interests.
Furthermore, this data may also be processed based on your consent, provided that you have expressly provided us with this.
4. How we gather and use your personal data
We will normally collect your personal data directly from you as part of our interaction – for example, when you visit our website, communicate with us regarding our business relation or register on our SAP Customer Data Cloud in the supplier portal as a wood supplier or wood transporter and book delivery times.
SWISS KRONO uses the SAP Cloud Platform Portal, in which the SAP Customer Data Cloud is integrated, for the supplier portal to host the mobile applications. The SAP Fiori Launchpad is used for this, which works as a UI technology and includes a web analysis function. No business-related or personal data is stored in the SAP Fiori Launchpad. Accordingly, information about the identity of the user is not possible; instead, only a summary of the behaviour of all users can be evaluated. The Fiori Launchpad also operate as an interface for the execution of your business transactions, especially for selecting and booking time slots of wood deliveries. Business-relevant data (including master data and transaction-related data) that you provide to us as part of the business relationship is stored in the SAP S/4 Hanna backend. At the end, your personal data such as first and last name, postal address and mobile phone number in particular are stored exclusively in the SAP Customer Data Cloud.
We do not receive personal data from third parties unless these are absolutely necessary to execute the contractual relationship with us.
5. Where personal data is processed
SWISS KRONO is a globally active company. As part of our business activities, we may also need to forward your personal data to recipients in countries outside of the European Economic Area (“third countries”), where the data is not protected to the same extent by law as under the laws in your home country.
If it is necessary for us to do so, we will comply with applicable data protection requirements and take appropriate security measures to ensure that your personal data is protected and secure, in particular through the agreement of EU standard contractual clauses, which can be viewed here.
Personal data that we process in SAP S/4 Hanna and in our SAP Customer Data Cloud is stored exclusively in the European Union (Zary/Frankfurt).
If you would like further information about these safety measures, you can contact us at any time using the details provided below.
6. How we protect your personal data
We ensure our physical, electronic and procedural security measures comply with recognised technological and legal privacy requirements in order to protect your personal data.
These security measures include the introduction of specific technologies and processes, such as secure servers, firewalls and SSL encryption, which are designed to protect your privacy. We will always strictly adhere to the applicable laws and regulations governing the confidentiality and security of personal data.
7. Who we share your personal data with
We may share your personal data as follows:
In all other cases, we will only disclose your personal data at your request or if you grant us permission in the event that we are required to do so under applicable law or regulations, or by any judicial or regulatory order, or if we suspect fraudulent activity or a criminal offence.
8. Retention period for personal data
We will retain your personal data for as long as it is required for the purposes and for managing your business relationship with us.
If you have asked us not to contact you, we will retain this information until your request has been processed.
Furthermore, we are obliged to retain certain personal data for a certain period of time (in connection with business transactions, for example) under the applicable law.
Your personal data will be deleted immediately once it is no longer required for these purposes.
9. YOUR RIGHTS
Subject to certain legal conditions, you may request access to your personal data or request that it be rectified, deleted or restricted in terms of how it is processed.
You may also object to your data being processed or even request that it be transferred.
More specifically, you are entitled to request a copy of the personal data we hold in your name. If, however, you make this request several times, we may ask for a reasonable fee.
Details of your privacy rights can be found in Articles 15 to 22 of the GDPR and Articles 25 to 29 of nDPA. As we are keen to ensure that your personal data is accurate and up to date, you may also ask us to correct or remove any information that you believe is incorrect.
If you have consented to your personal data being processed, you may still revoke your consent at any time with future effect, i.e. the revocation of consent has no bearing on the lawfulness of the processing based on the consent provided prior to this revocation.
In the event that consent is revoked, we may only process the personal data if there is another legal reason for doing so.
If you would like to assert one of the aforementioned rights, please send us a description of your affected personal data including your name, supplier number or other SWISS KRONO identification number as proof of your identity using the contact details provided below.
We may require an additional proof of identity (in the form of a copy of your passport or national identity card) to protect your personal data from unauthorised access.
We will consider your request carefully and potentially even contact you to discuss how best to fulfil it.
If you have any concerns or complaints with regard to how we handle your personal data, please contact us using the details provided below to allow us to investigate the matter further.
If you are not satisfied with our response, or believe that we are not processing your personal data in accordance with applicable law, you are entitled to file a complaint with the data protection supervisory authority in your country.
The relevant supervisory authority for us is as follows:
Swiss Federal Data Protection and Information Commissioner (FDPIC)
Mr Adrian Lobsiger
Feldeggweg 1
3003 Bern, Switzerland
Telephone: +41 58 462 43 95
Fax: +41 58 462 99 96
E-mail: [email protected]
www.edoeb.admin.ch
10. Obligation to provide personal data
You essentially provide us with your personal data on a voluntary basis. Generally speaking, there will be no adverse consequences for you if you do not consent or provide any personal data.
There are, however, some cases in which SWISS KRONO cannot act without certain aspects of your personal data – for example, if this personal data is required to, allow you to access an online quote or perform a legally required compliance check.
In such cases, SWISS KRONO will regrettably not be able to comply with your request without the essential personal data.
11. Changes to this statement
This privacy statement was last updated in February 2022.
We may amend or update the statement from time to time to reflect changes in the way we use your personal data or to reflect changes in the legal requirements.
We therefore recommend that you re-examine its contents every once in a while.
Changes to the privacy statement shall apply from the date on which they are published on our website or our supplier portal.
12. How to contact us
If you have any questions or comments, or would like to assert your rights, please contact:
SWISS KRONO AG
Willisauerstrasse 37
6122 Menznau, Switzerland