Privacy Policy for Business Partners

PERSON IN CHARGE (controller) / DATA PROTECTION OFFICER

This privacy policy is issued by us, MMC Hartmetall GmbH . You can find more detailed information about MMC Hartmetall GmbH in the imprint of the above-mentioned website (https://www.mmc-carbide.com/eu/site-notice). When we collect and use your personal data, we are the data controllers in the meaning of GDPR and are responsible for protecting your rights with personal data. We have appointed a data protection officer (DPO) for the purpose of privacy and data protection, whom you can contact by the following e-mail address:
dpo@mmchg.de.

CATEGORIES OF PERSONAL DATA, PURPOSE AND LAWFUL BASIS (why and on what lawful ground we use your personal data)

We collect and use the following categories of your personal data:

• basic business contact information (name, company, position, email, phone, office address, etc.);
• video image (e.g. Microsoft Teams Meeting)
• user account data and usage history on our websites or online services or our e-learning offer;
• user account data and communication via third-party portals and similar online services;
• access records to our buildings and facilities;
• records of business communication in connection with our business operation (email logs, meeting logs, reports, audit interviews, event photos, etc.).
• reports of misconducts that may reach us via the Internal Whistleblowing system.

We use your personal data for the following purposes on the lawful basis that it is necessary for the purposes of our legitimate interests, i.e. running our business efficiently and effectively.

• Managing business contact data;
• Conduct Web meetings (e.g. Microsoft Teams Meeting)
• Sales and delivery of products and services;
• Procurement of materials and services;
• Providing technical support, training (this includes an e-learning offer) and seminars;
• Providing information on new products, services, case studies, etc.;
• Receiving feedback for quality control;
• Organizing business and/or technical events;
• Auditing of suppliers;
• Checking of potential dual employment and transactions with related parties (this only applies if you are an employee of a company related to us and at the same time our business partner or if you are such an employee’s spouse, life partner or if you are the spouse, life partner of MHG’s employees in a certain position [Manager and up]);
• Facilitating any other business communication; and
• Controlling access to our physical facilities and computer/network resources.

We use your personal data for the following purposes based on the lawful basis that you give your consent. Please note that you may withdraw your consent at any time.

• Managing the registration data of the digital event platform
• Generating statistics and reporting to management in relation to the use of the above platform
• Conduct Web meetings for training/seminar (e.g. Microsoft Teams Meeting)
• Contact by staff for the purpose of providing targeted advice

• Investigating and processing reports of compliance violations and other misconduct within our company or supply chain.

SENSITIVE PERSONAL DATA

Where we collect and use sensitive categories of your personal data as defined in Articles 9 and 10 of the GDPR, we will obtain your prior and explicit consent. You may withdraw your consent at any time with effect for the future. An informal e-mail with this request is sufficient. The data processed before we receive your request may still be processed lawfully. Excepted from this consent is data where we are obliged to collect and use in order to fulfil our legal obligations or to protect vital interests of you or other persons in emergencies.

RETENTION (how long we retain your personal data)

We will retain your personal data as long as we have business relation with the company or any other entity you belong to at the time when we collect your personal data. Thereafter we keep them as may be required by applicable laws related to audit or tax issues or until we receive your objection to our retaining your personal data.
If you have given your consent to the processing, we will retain your personal data until you withdraw your consent to the processing (but no longer than 12 months if your account has been inactive), unless other legal provisions require us to retain the data for a longer period. If you do not withdraw your consent, we will delete your personal registration data as soon as your account has been inactive for 12 months.

DISCLOSURE (who we share your personal data with)

We disclose certain categories of your personal data in so far as may be necessary for the purposes above to the following entities:

• to other Mitsubishi Materials group companies as may be necessary for business purposes, e.g. expand business activities or due to legal obligations (e.g. for the proper and dutiful investigation of reports that may reach us via the Internal Whistleblowing System).
• where we provide you with user accounts for our computer/network services and resources, to Mitsubishi Materials Corporation, Tokyo (MMC), which provides us with such services and resources;
• competent public authorities to which we are obliged to disclose your personal data as required by applicable laws; and
• our service providers including those providing us with cloud computing, electronic mail or other application, business travel arrangement, courier, receptionist, conference/event arrangement, etc.

JOINT CONTROLLERS

If, when processing your personal data, there is another controller in addition to us, MHG/MHE, with whom we jointly determine the purposes and means of the processing, so that there is joint responsibility in accordance with Article 26 of the GDPR, the terms of the joint responsibility will be regulated in an agreement. The essential aspects of such an agreement can be viewed at the following link:
https://www.mmc-carbide.com/eu/joint-controllers

TRANSFER TO NON-EU COUNTRIES

We may disclose your personal data to other Mitsubishi Materials group companies that are located in countries outside of the European Economic Area, where data protection law with a level of privacy and data protection equivalent to that of GDPR is not in force. In cases where such data transfer happens, we protect your personal data by virtue of data transfer agreements with such data recipients pursuant to Article 46 of the GDPR, which impose on such recipients contractual obligations to ensure adequate level of data protection equivalent to those laid down by GDPR.

YOUR LEGAL RIGHTS

Provided that certain conditions are met, you have legal rights to request from us the following:

• Access to your personal data and to certain supplementary information covered by this notice;
• Correction of your personal data if inaccurate or incomplete;
• Erasure of your personal data in certain circumstances;
• Suspension of using your personal data in certain circumstances;
• Stopping processing your personal data in certain circumstances; and
• Obtaining your personal data in a structured, commonly used, and computer-readable format.

WEBSITE

If you visit our website, please note that there is a separated privacy notice available, explaining about the processing of your personal data during and / or after the visit of the website.

COMPLAINT

You can lodge complaints about our way of processing your personal data with data protection supervisory authorities. If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

INQUIRY

For further information and inquiry, please contact:
Person in charge:
MMC Hartmetall GmbH
Comeniusstraße 2
40670 Meerbusch
E-Mail: admin@mmchg.de

Data protection officer:
E-Mail: dpo@mmchg.de

The responsible body is the natural or legal person, which alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).

PERSON IN CHARGE (controller) / DATA PROTECTION OFFICER

This privacy policy is issued by us, MMC Hardmetal Europe (Holdings) GmbH . You can find MMC Hardmetal Europe (Holdings) GmbH's contact details in the below section "INQUIRY". When we collect and use your personal data, we are the data controllers in the meaning of GDPR and are responsible for protecting your rights with personal data. We have appointed a data protection officer (DPO) for the purpose of privacy and data protection, whom you can contact by the following e-mail address:
dpo@mmchg.de.

CATEGORIES OF PERSONAL DATA, PURPOSE AND LAWFUL BASIS (why and on what lawful ground we use your personal data)

We collect and use the following categories of your personal data:

• basic business contact information (name, company, position, email, phone, office address, etc.);
• video image (e.g. Microsoft Teams Meeting)
• user account data and usage history on our websites or online services or our e-learning offer;
• user account data and communication via third-party portals and similar online services;
• access records to our buildings and facilities;
• records of business communication in connection with our business operation (email logs, meeting logs, reports, audit interviews, event photos, etc.).
• reports of misconducts that may reach us via the Internal Whistleblowing system.

We use your personal data for the following purposes on the lawful basis that it is necessary for the purposes of our legitimate interests, i.e. running our business efficiently and effectively.

• Managing business contact data;
• Conduct Web meetings (e.g. Microsoft Teams Meeting)
• Sales and delivery of products and services;
• Procurement of materials and services;
• Providing technical support, training (this includes an e-learning offer) and seminars;
• Providing information on new products, services, case studies, etc.;
• Receiving feedback for quality control;
• Organizing business and/or technical events;
• Auditing of suppliers;
• Checking of potential dual employment and transactions with related parties (this only applies if you are an employee of a company related to us and at the same time our business partner or if you are such an employee’s spouse, life partner or if you are the spouse, life partner of MHE’s employees in a certain position [Manager and up]);
• Facilitating any other business communication; and
• Controlling access to our physical facilities and computer/network resources.

We use your personal data for the following purposes based on the lawful basis that you give your consent. Please note that you may withdraw your consent at any time.

• Managing the registration data of the digital event platform
• Generating statistics and reporting to management in relation to the use of the above platform
• Conduct Web meetings for training/seminar (e.g. Microsoft Teams Meeting)
• Contact by staff for the purpose of providing targeted advice

• Investigating and processing reports of compliance violations and other misconduct within our company or supply chain.

SENSITIVE PERSONAL DATA

Where we collect and use sensitive categories of your personal data as defined in Articles 9 and 10 of the GDPR, we will obtain your prior and explicit consent. You may withdraw your consent at any time with effect for the future. An informal e-mail with this request is sufficient. The data processed before we receive your request may still be processed lawfully. Excepted from this consent is data where we are obliged to collect and use in order to fulfil our legal obligations or to protect vital interests of you or other persons in emergencies.

RETENTION (how long we retain your personal data)

We will retain your personal data as long as we have business relation with the company or any other entity you belong to at the time when we collect your personal data. Thereafter we keep them as may be required by applicable laws related to audit or tax issues or until we receive your objection to our retaining your personal data.
If you have given your consent to the processing, we will retain your personal data until you withdraw your consent to the processing (but no longer than 12 months if your account has been inactive), unless other legal provisions require us to retain the data for a longer period. If you do not withdraw your consent, we will delete your personal registration data as soon as your account has been inactive for 12 months.

DISCLOSURE (who we share your personal data with)

We disclose certain categories of your personal data in so far as may be necessary for the purposes above to the following entities:

• to other Mitsubishi Materials group companies as may be necessary for business purposes, e.g. expand business activities or due to legal obligations (e.g. for the proper and dutiful investigation of reports that may reach us via the Internal Whistleblowing System).
• where we provide you with user accounts for our computer/network services and resources, to Mitsubishi Materials Corporation, Tokyo (MMC), which provides us with such services and resources;
• competent public authorities to which we are obliged to disclose your personal data as required by applicable laws; and
• our service providers including those providing us with cloud computing, electronic mail or other application, business travel arrangement, courier, receptionist, conference/event arrangement, etc.

JOINT CONTROLLERS

If, when processing your personal data, there is another controller in addition to us, MHE/MHE, with whom we jointly determine the purposes and means of the processing, so that there is joint responsibility in accordance with Article 26 of the GDPR, the terms of the joint responsibility will be regulated in an agreement. The essential aspects of such an agreement can be viewed at the following link:
https://www.mmc-carbide.com/eu/joint-controllers

TRANSFER TO NON-EU COUNTRIES

We may disclose your personal data to other Mitsubishi Materials group companies that are located in countries outside of the European Economic Area, where data protection law with a level of privacy and data protection equivalent to that of GDPR is not in force. In cases where such data transfer happens, we protect your personal data by virtue of data transfer agreements with such data recipients pursuant to Article 46 of the GDPR, which impose on such recipients contractual obligations to ensure adequate level of data protection equivalent to those laid down by GDPR.

YOUR LEGAL RIGHTS

Provided that certain conditions are met, you have legal rights to request from us the following:

• Access to your personal data and to certain supplementary information covered by this notice;
• Correction of your personal data if inaccurate or incomplete;
• Erasure of your personal data in certain circumstances;
• Suspension of using your personal data in certain circumstances;
• Stopping processing your personal data in certain circumstances; and
• Obtaining your personal data in a structured, commonly used, and computer-readable format.

WEBSITE

If you visit our website, please note that there is a separated privacy notice available, explaining about the processing of your personal data during and / or after the visit of the website.

COMPLAINT

You can lodge complaints about our way of processing your personal data with data protection supervisory authorities. If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

INQUIRY

For further information and inquiry, please contact:
Person in charge:
MMC Hardmetal Europe (Holdings) GmbH
Comeniusstraße 2
40670 Meerbusch
E-Mail: admin@mmchg.de

Data protection officer:
E-Mail: dpo@mmchg.de

The responsible body is the natural or legal person, which alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).