Japan
United States
Mexico
Brazil
EU
United Kingdom
Germany
Spain
France
Italy
Poland
Turkey
China
South East Asia, Oceania, South Africa
India
For steels
For stainless steels
For cast iron
For non-ferrous metal
For difficult to cut material
For hardened material
MMC HARTMETALL GMBH’s POLICY ON USING PERSONAL DATA
IN THE CONTEXT OF THE WHISTLEBLOWING SYSTEM
published: 01.03.2024
We, MMC Hartmetall GmbH (MHG), take your privacy seriously. When we collect and use your personal data for the purposes of our Whistleblowing System, we undertake to comply with applicable data protection laws including EU General Data Protection Regulation (the “GDPR”) and Federal Data Protection Act (BDSG/Bundesdatenschutzgesetz). Please note that data transmitted via the internet may be subject to security breaches. Complete protection of your data from third-party access is not possible. Below is our policy on how we collect, use and protect your personal data. You can obtain the latest version of this policy at the following link:
https://www.mmc-carbide.com/eu/privacy/pp-whistleblowingsystem
PERSON IN CHARGE (controller) / DATA PROTECTION OFFICER
This privacy policy is issued by us, MMC Hartmetall GmbH. You can find more detailed information about MMC Hartmetall GmbH in the imprint of the above-mentioned website (www.mmc-carbide.com/eu/privacy). When we collect and use your personal data, we are the data controllers in the meaning of GDPR and are responsible for protecting your rights with personal data.
We have appointed a data protection officer (DPO) for the purpose of privacy and data protection, whom you can contact by the following e-mail address: dpo@mmchg.de.
PURPOSE OF THE DATA PROCESSING
MHG processes the personal data of the whistleblower(s), unless the whistleblowing is anonymous, as well as the personal data of the accused person(s), such as name and other communication and content data, exclusively for the purpose of receiving and investigating tips about criminal, illegal, morally reprehensible or unfair acts in a secure and confidential manner.
CATEGORIES OF PERSONAL DATA
We collect and use the following categories of your personal data:
- Information about the whistleblower (unless he/she wishes to remain anonymous) and the accused, such as
- First and last name
- Function/title
- Contact details (e-mail address, telephone number)
- If applicable, other personal data related to the employment relationship - Personal information identified in the whistleblower reports, including details of the allegations made and evidence supporting those allegations
- Date and time of telephone calls (when the report is received via the telephone hotline)
- Any other information identified in the investigation findings and in the follow-up procedure following the report, e.g. information on criminal conduct or data on unlawful or improper conduct, where this has been reported
LEGAL BASIS OF THE PROCESSING
Directive (EU) 2019/1937 ("EU Whistleblower Directive") and the German Whistleblower Protection Act as of July 2, 2023 require the establishment of a whistleblower system in order to give employees and third parties the opportunity to provide information on legal violations in the company in a suitable manner. The processing of personal data is necessary due to a legal obligation (Art. 6 para. 1 p. 1 lit. c GDPR).
SENSITIVE PERSONAL DATA
We collect and use sensitive categories of your personal data as defined in Articles 9 or 10 of GDPR only when such collection and use is authorized by the said article(s), the Federal Data Protection Act or the Whistleblower Protection Act.
DISCLOSURE (who we share your personal data with)
All personal data will be collected via a web-based software operated by LegalTegrity GmbH, Platz der Einheit 2, 60327 Frankfurt am Main. LegalTegrity therefore acts as a processor in the meaning of Art. 28 GDPR and the processing will be done on the basis of a data processing agreement concluded with MHG.
Further to this, your personal data will be made available only to those persons who have a legitimate need to process this data due to their function. In some cases, MHG may be required to share the data with authorities (such as those having legal or regulatory jurisdiction over the employer, law enforcement agencies and legal bodies) or external advisors (such as auditors, accountants, lawyers). We may share your personal data with our parent company Mitsubishi Materials Corporation, if the incident might have effects on the Group.
If personal data is processed by external service providers, this will generally be done on the basis of order processing contracts in accordance with Article 28 GDPR. In these cases, we ensure that the processing of personal data is carried out in accordance with the provisions of the GDPR and that all persons authorized to process personal data have committed themselves to confidentiality or are subject to an appropriate legal duty of confidentiality.
RETENTION (how long we retain your personal data)
The personal data will be kept in the respective proceedings for as long as the clarification and final assessment requires, a legitimate interest of the company or a legal requirement exists. Afterwards, this data is deleted in accordance with the legal requirements. The duration of storage depends in particular on the severity of the suspicion and the reported possible breach of duty.
TRANSFER TO NON-EU COUNTRIES
We may disclose your personal data to other Mitsubishi Materials group companies that are located in countries outside of the European Economic Area, where data protection law with a level of privacy and data protection equivalent to that of GDPR is not in force. In cases where such data transfer happens, we protect your personal data by virtue of data transfer agreements with such data recipients pursuant to Article 46 of the GDPR, which impose on such recipients’ contractual obligations to ensure adequate level of data protection equivalent to those laid down by GDPR.
YOUR LEGAL RIGHTS
Provided that certain conditions are met, you have legal rights to request from us the following:
- According to Art. 14 GDPR, if your data is collected without your knowledge (for example, because you are involved in the whistleblowing procedure as an accused person), you have the right to be informed about the storage, the nature of the data, the purpose of the processing and the identity of the controller. However, if there would be a significant risk that such information would jeopardize the companies' ability to effectively investigate the allegation or gather the necessary evidence, this information can be postponed according to Art. 14 (5) p. 1 lit. b GDPR for as long as this risk exists. The information must then be provided as soon as the reason for the postponement has ceased to exist.
- In accordance with Art. 15 of the GDPR, you have the right to request information about the personal data concerning you that is processed by MHG.
- In accordance with Art. 16 GDPR, you have the right to request the immediate correction or completion of incorrect or incomplete data stored by us.
- Pursuant to Art. 17 GDPR, you have the right to request the erasure of personal data concerning you that is stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation to which the company is subject, for the performance of a task carried out in the public interest, or for the establishment, exercise or defence of legal claims.
- Pursuant to Art. 18 GDPR, you may request the restriction of the processing of your personal data if you dispute the accuracy of such data or if the processing of such data is unlawful.
- In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, common and machine-readable format, and to transmit this data to another controller without hindrance or to have it transmitted by us.
- Pursuant to Art. 21 GDPR, you have the right to object to the processing of your personal data, where there are grounds for doing so based on your particular situation. Your data will then no longer be processed unless the company can demonstrate compelling grounds for the processing which override the interests, rights and freedoms of the data subject, or for the assertion, exercise or defence of legal claims.
If you wish to exercise any of your rights or have further questions about data protection, please contact us or our DPO, whose e-mail address can be found in the below abstract “INQUIRY”.
WEBSITE
If you visit MHG’s website, please note that there is a separated privacy notice available, explaining about the processing of your personal data during and / or after the visit of the website.
COMPLAINT
You can lodge complaints about our way of processing your personal data with data protection supervisory authorities. If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
INQUIRY
For further information and inquiry, please contact:
Person in charge:
MMC Hartmetall GmbH
Comeniusstraße 2
40670 Meerbusch
E-Mail: admin@mmchg.de
Data protection officer:
E-Mail: dpo@mmchg.de
The responsible body is the legal person, which alone decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).
For finish cutting
For medium cutting
For rough cutting
