For Suppliers to SBS Friction A/S
Last updated: December 20, 2023
SBS FRICTION A/S (hereinafter the "Company"), in its role of data controller, pursuant to art. 13 and art. 14 of the European Regulation 679/2016 concerning the protection of personal data (the "Regulation"), wishes to provide you with the following information:
- Types of personal data
- Purpose of the processing
- Nature of collection and processing methods
- Storage of data
- Disclosure, dissemination and transfer of data
- Rights of Data Subjects
- Identity and contact details of the Controller and contact of the Data Protection Officer
1. Types of personal data
The data provided by You and concerning the personnel assigned to the performance and management of the agreements with the Company, including name, surname, contact data, e-mail address, positions where relevant; data related to the payroll and any social, pension and/or insurance contribution duly payments with reference to Your personnel who is assigned to the performance of services in the Company’s premises (if such data are necessary for verifying the compliance with laws aimed at safeguarding personnel used for the performance if the activities under the agreements); data concerning Your legal representatives, including their judicial data, if required by the law (hereinafter the “Data Subjects”) - either where such data have been provided by You directly or if obtained by public sources (for example by the Companies House) – will be processed by the Company in accordance with the Regulation and with local laws, including possible decisions issued by the Supervisory Authority, if applicable.
In case of suppliers who are natural persons, in addition to the data described above, the Company may process also data related to invoicing and payments (included tax code and VAT number), bank data, registration in specific bars or registers, economic and financial data (such as the financial report).
2. Purposes of the processing
The Company will process the data of the Data Subjects within the performance of its own commercial and financial activities for the purpose of selection, entering into, management and performance of the contractual relationships (including scouting activities prior to entering into a contract and/or the registration into the Company’s suppliers list). In particular, the data shall be processed in order to comply with legal obligations (for example, tax and accounting obligations, obligations arising from contract work and health and safety rules at work); for the registration of suppliers into the Company’s Management System (suppliers' list); for the administrative management of the contracts, including the management of payments and invoices; for the compliance with obligation related to the supply of goods and services, as well as for managing possible litigation, for internal control purposes (safety, productivity, quality of the services, preservation of financial integrity), for certification purposes. The data of Data Subjects may also be processed for periodical evaluation of the existence of the ethical and legal requirements established by the Company’s Code of Ethics and to perform audit, also inside Your premises, on quality, process, products or sustainability. For the above-mentioned purposes your consent is not required since the Company is authorized to avail itself of the reliefs available under letter b), c) of article 6.1, of the Regulation.
In case of individual suppliers, as regards the processing of economic and financial data, such as commercial information and financial report, the Company is authorized to avail itself of the relief available under letter f) of article 6.1, of the Regulation (legitimate interests of the Company to verify the economic and financial solidity of its business partners).
3. Nature of collection and processing methods
The collection of the data concerning a Data Subject is a requirement: failing this, it becomes impossible to enter into a commercial agreement, to duly fulfil the relevant pre-contractual or contractual obligations or, in case of existing agreements, to fulfil the obligations and commitments arising from such agreements.
The data shall be processed by the Company, and by its entrusted personnel by the Company, generally by the Purchasing department and by the Administration & Finance department, as well as by other staff employees who could have the need to process them, by means of electronic or manual systems and according to the principles of fairness, integrity and transparency that are required by applicable laws on data protection as well as by preserving the privacy of the concerned persons through the implementation of technical and organizational measures ensuring an adequate safety level (including, without limitation, by preventing access by unauthorized persons -unless such access is required by the applicable laws- or by ensuring restoration of access to data after material or technical accidents).
4. Storage of data
The data shall be stored in compliance with the applicable regulations on protection of personal data for the time that is necessary to comply with the above-mentioned purposes. In particular, personal data will be stored by Company for the whole duration of the contractual relationship and also after its termination, in compliance with applicable laws (including, without limitation, the obligation to keep the invoices and other company documents for at least 5 years after the year in which the transaction took place).
5. Disclosure, dissemination and transfer of data
Without prejudice to the duty of disclosure in order to fulfil any legal or contractual obligations, the data may be disclosed to tax or legal consultants, to Company’s collaborators, to the banks, to public entities as well as to those persons that are authorized by the laws to receive such data, if required, to Danish or foreign judicial or other public authorities for the fulfilment of legal obligations, or for the performance of the obligations arising from an agreement, including for the purposes of defence before the Courts. Such entities act as independent data controllers.
Contact details may also be disclosed occasionally and for single reasons, to other customers and/or suppliers of the Company, including –without limitation - if it becomes necessary to collaborate with any of such persons for the performance of the contractual obligation.
In order to perform certain services implying the need of personal data processing, the Company may also avail of third parties, including in respect of the service of substitutive filing or quality, process and product audit services. These companies shall operate as external data processors in compliance with specific and adequate directions concerning the processing methods and safety measures as specified in specific contractual documents. The full and updated list of the companies acting as data processors is available on request to the contacts mentioned below.
The data may be disclosed to other companies belonging to the Group, including subsidiaries and affiliates, with registered office inside and outside the European Union (the updated list is available on Brembo’s website: https://www.brembo.com/en/investors/the-group/brembo-structure) if necessary for internal administration purposes and the coordination of the group, or if such companies need to cooperate for the performance of the contract. In this case, with reference to transfer the data to countries located outside the European Union, the Company undertakes to ensure a level of protection and preservation, also by means of entering into specific contracts, adequate to the applicable laws, including the entering into standard contractual clauses (a copy of the undertaken commitments with the Group companies is available on request to the contacts mentioned below). Personal data shall not be disseminated.
6. Rights of Data Subjects
A Data Subject shall have the rights contemplated in the Regulation (articles from 15-21) in respect of the processing of data contemplated thereto, including the right to:
- Obtain confirmation of the existence of personal data concerning him/her and to gain access to them (right of access);
- Obtain the updating, modification and/or rectification of its personal data (right of rectification);
- Obtain erasure, or to set limits to processing, of personal data whose processing is unlawful, including those that are no longer necessary in relation to the purposes for which they were collected or otherwise processed (right to be forgotten and right to the restriction of processing);
- Object to processing (right to object);
- Withdraw previously given consent, if any, without prejudice to the lawfulness of processing based on that consent;
- Receive a copy in electronic form of the data concerning him or her which have been provided to a controller in the framework of an agreement and to have such data transmitted to another controller (right to data portability).
For the exercise of the rights above and in case of further requests for information regarding the present privacy notice, the Data Subject can contact the Data Protection Officer (DPO) by sending an email to firstname.lastname@example.org or by a registered letter to the legal address of the Company, to the attention of the DPO.
Data Subject may also lodge a complaint with the Supervisory Authority in case of infringement of regulations concerning the protection of personal data. In Denmark, you can file a complaint to Datatilsynet.
Should you wish to report a complaint or if you feel that SBS has not addressed your concern in a satisfactory manner, you may contact Datatilsynet: https://www.datatilsynet.dk/english/.
7. Identity and contact details of the Controller and contact of the Data Protection Officer
Email us at: email@example.com
Call us at: +45 63 21 15 15
Or write to us: SBS Friction A/S, att. Marketing, Kuopiovej 11, 5700 Svendborg, Denmark.