Privacy Policy

Edit cookie preferences

This following document provides information about the processing of personal data when using our website, the contact form, as well as if you contact us by telephone or in writing. Personal data is any information that relates directly or indirectly to a natural person.

In short, this document describes:

  • How to contact us and our data protection officer;
  • What kind of personal data we process and why we do so;
  • The legal basis on which we process your personal data;
  • Who can access it, how long we keep it and where it comes from;
  • How you can access your personal data and how you can exercise other rights.

1. Data controller and data protection officer

Toshiba Railway Europe GmbH, Bunsenstraße 29, 24145 Kiel, Germany

You can reach our data protection officer via the following contact options:

TÜV Rheinland Industrie Service GmbH, Vogelsanger Weg 6, 40470 Düsseldorf, Germany

Phone: 0049 (0)211 3876 929-0

E-mail: [email protected]

2. External hosting

This website is hosted by an external service provider (host). The personal data collected on this website is stored on the host’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact data, names, website access and other data generated via a website.

The host is used for the purpose of secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f) GDPR). If corresponding consent was requested, the processing is based exclusively on Art. 6 para. 1 lit. a) GDPR. Consent can be revoked at any time with effect for the future.

Our host will only process your data to the extent necessary to fulfill its service obligations and follow our instructions regarding this data. In this sense, an order processing contract has been concluded in accordance with Art. 28 GDPR.

We use the following host:

Revere Agency Ltd

Alexander House, Mere Park, Dedmere Road. Marlow SL7 1FX

3. Website in general

3.1 Purpose of processing / categories of personal data

When using the contact form, your individually entered personal data is processed, which cannot be monitored by the controller. Please consider data minimization when using the contact form.

SSL encryption is used to protect your personal data.

3.2 Lawfulness of the processing

Personal data is processed in order to display our website to you and to ensure stability and security. The lawfulness of the processing is based on a legitimate interest according to Art. 6 para. 1 lit. f) GDPR.

3.3 Deletion of data

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.

4. Cookies

4.1 General

When using our website, technically necessary cookies are stored on your computer. Cookies are small text files that are filed and stored on a computer system via the browser. Cookies are used to make it easier for you to use the site, e.g. language settings.

4.2 Borlabs Cookie

This website uses Borlabs Cookie, which sets a technically necessary cookie (borlabs-cookie) to store your cookie consent. The use is based on a legal obligation (Art. 6 para. 1 lit c) GDPR). Borlabs Cookie does not process any personal data.

Borlabs Cookie stores your consent that you gave when entering the website. If you wish to revoke this consent, simply delete the cookie in your browser. When you re-enter/reload the website, you will be asked again for your cookie consent.

4.3 The events calendar

The plug-in events calendar is used to inform you about upcoming events. This is only a calendar overview. You also have the option to register for an event. The processing is based on consent (Art. 6 para. 1 lit a) GDPR) and can be revoked at any time with effect for the future.

Mandatory fields:

  • Name
  • Your address
  • Phone number
  • E-mail address

Optional:

  • Company name

The data will be deleted if it is no longer required to achieve the purpose for which it was collected.

For personal data from the input mask of the event calendar, this is the case when registration has been successfully completed and the event is over.

4.4 IThemes Security

We have integrated IThemes Security on this website. The provider is IThemes Media LLC, 1720 South Kelly Avenue Edmond, OK 73013, USA (hereinafter “IThemes Security”).

IThemes Security is used to protect our website from unwanted access or malicious cyberattacks. For this purpose, IThemes Security collects, among other things, your IP address, time and source of login attempts and log data (e.g. the browser used). IThemes Security is installed locally on our servers.

The use of IThemes Security is based on Art. 6 para. 1 lit. f) GDPR. The website operator has a legitimate interest in protecting its website from cyberattacks as effectively as possible. If corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a) GDPR and Section 25 para. 1 TTDSG (German Law on Telecommunications), insofar as the consent includes the storage of cookies or access to information on the user’s end device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

4.5 Google Maps

This website uses the map service Google Maps by the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The IP address must be stored in order to use Google Maps. This information is usually sent to a Google server hosted in the USA. We have no influence on this processing.

Google Maps is used to show you a direct map section as part of the event plug-in.

The processing is based on your consent according to Art. 6 para 1 lit. a) GDPR and Section 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s end device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time with effect for the future. In the case of revocation, the stored information will also be deleted.

Processing in the USA is based on the EU standard contractual clauses. More information on handling user data can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=en

4.6 Fathom Analytics

We want to process as little personal information as possible when you use our website. This is why we’ve chosen Fathom Analytics for our website analytics, which doesn’t use cookies and complies with the GDPR, ePrivacy (including PECR), COPPA and CCPA. With this privacy-friendly website analytics software, your IP address is only briefly processed, and we (running this website) have no way of identifying you. As per the CCPA, your personal information is de-identified. You can read more about this on Fathom Analytics‘ website.

The purpose of us using this software is to understand our website traffic in the most privacy-friendly way possible so that we can continually improve our website and business. The lawful basis as per the GDPR is “Article 6(1)(f); where our legitimate interests are to improve our website and business continually.” As per the explanation, no personal data is stored over time.

4.7 YouTube

This website uses the YouTube embedding function to display and play videos from YouTube. We use the extended data protection mode, which, according to the provider, only starts storing user information when the video is played. The moment playback of the embedded video is started, YouTube uses cookies to collect information about user behaviour.

According to information from YouTube, these are used, among other things, to record video statistics, improve user-friendliness and prevent abusive behaviour.

Regardless of whether the embedded videos are played, a connection to the Google ‘DoubleClick’ network is established each time this website is accessed, which may trigger further data processing operations without our influence.

Further information on data protection at YouTube can be found in the provider’s privacy policy at: Privacy Policy – Privacy & Terms – Google

5 Contact form and e-mail contact

5.1 Purpose of processing / categories of personal data

A contact form is available on our website, which can be used for electronic contact. If you take advantage of this option, the data entered in the input screen will be transmitted to us and stored. This data is:

Mandatory fields:

  • First and last name
  • Country
  • E-mail address

Optional:

  • Organization / company
  • Address / post code
  • Telephone number

At the time of sending the message, the following data will also be stored:

 Date and time of sending the request.

The processing of personal data from the input screen (contact form) serves solely for us to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data. The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems. The optional fields are only used for easier communication and are not mandatory.

5.2 Legitimacy of the processing

The legal basis for the processing is the legitimate interest of the controller according to Art. 6 Para 1 lit. f) GDPR to enable communication with the company. If the e-mail contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b) GDPR. In this context, data will not be passed on to third parties. The data will be used exclusively for processing the request.

5.3 Deletion of data

The data will be deleted insofar as it is no longer required to achieve the purpose for which it was collected. For personal data from the input screen of the contact form and that sent by e-mail, this is the case if the respective conversation with the user has ended.

6 Processing personal data of business partners

6.1 Purpose of processing / categories of personal data

In the context of a contractual relationship or a prior contractual relationship, we may process your name, title, function, professional contact data (address, e-mail, telephone number), bank details, data on creditworthiness and solvency, information in accordance with the declaration of suitability, data in connection with the execution of the specific order and tax-relevant data.

Furthermore, your data may be used on the basis of a consideration of interests to protect our legitimate interests or those of third parties. The following interest must be considered in particular:

  • our overall business management and further development of services, systems and products;
  • meeting internal requirements,
  • insurance, for auditing or administrative purposes;
  • ensuring IT security and operations;
  • asserting legal claims and defending legal disputes;
  • prevention and investigation of criminal offences, risk management.

6.2 Lawfulness of processing

Lawfulness of processing is the initiation or existence of a contractual relationship according to Art. 6 para. 1 lit. b) GDPR. Should a balancing of interests be carried out for the processing of personal data, lawfulness of the processing is based on a legitimate interest of the controller according to Art. 6 para 1) lit f) GDPR. The interests are described in the previous section.

Furthermore, if you have given your consent to the processing of personal data, the lawfulness is consent according to Art. 6 para. 1 lit. a) GDPR.

You may revoke your given consent at any time with effect for the future.

Our business is subject to various legal requirements (regarding technical audits, operational security, money laundering, taxes, etc.) as well as regulatory requirements and financial reporting obligations. To comply with these legal requirements we may need to process personal data according to Art. 6 para. 1 lit. c) GDPR.

6.3 Sources of personal data

We receive personal data directly from the business relationship with you, with your employer or from your colleagues. Under certain circumstances, we may have received your data from third parties, e.g. from visitors at a trade fair.

6.4 Deletion of data

We will retain your data for as long as we need it for activities related to our existing contractual relationship, the establishment of new contractual relationships or to secure / defend us against legal claims.

Our documentation obligations, e.g. from the German Commercial Code, the German Fiscal Code and the Money Laundering Act, require us to retain the data for 5 to 10 years. The legal limitation periods, especially in the product liability business, require storage for up to 30 years.

7. Recipients of personal data

We may share your data with:

  • Processors used by us (Art. 28 GDPR), in particular in the field of IT services and logistics, who process your data for us in accordance with instructions;
  • Public bodies and institutions in the event of a legal or regulatory obligation;
  • Our respective employees, consultants, representatives, agents, auditors, service providers, suppliers.

8. Transfer to third countries

We share personal data with our affiliated companies, including Japan. This is done on the basis of an adequacy decision by the EU Commission and a Toshiba Intra Group Data Sharing Agreement.

Furthermore, tools are used from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and processed there. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. Therefore it is not possible to rule out that US authorities (e.g. intelligence services) may process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.

9. Rights as a data subject

You have the following rights as a data subject:

  • You have the right to obtain information about your processed personal data.
  • You have the right to rectification or deletion of your personal data.
  • You have the right to object to or restrict the processing of your personal data.
  • You have the right to data portability of your personal data.

Furthermore, you have the right to file a complaint at the supervisory authority:

Independent Centre for Data Protection Schleswig-Holstein (supervisory authority)

P.O. Box 71 16, 24171 Kiel

Tel.: 0431 988-1200, Fax: 0431 988-1223

E-mail: [email protected]

10. Data protection regulations when using the “Microsoft Teams” tool

Through the company, “Microsoft Teams” is used to perform telephone conferences, online meetings, video conferences and / or webinars (hereinafter: online meetings). “Microsoft Teams” is a service provided by the Microsoft Corporation.

The controller for data processing directly related to conducting “online meetings” is Toshiba Railway Europe GmbH.

Note: when you call up the “Microsoft Teams” Internet site, the “Microsoft Teams” provider is the controller for data processing. However, calling up the Internet page is only necessary to download the software for using “Microsoft Teams”.

If you do not want to or cannot use the “Microsoft Teams” app, it is possible to use “Microsoft Teams” via your browser. The service will then also be provided via the “Microsoft Teams” website to this extent.

When using “Microsoft Teams”, various types of data are processed, depending in particular on what the respective participants discuss in the meeting.

The following personal data is subject to processing:

User details: e.g. display name, e-mail address if applicable, profile picture (optional), preferred language, meeting metadata such as date, time, meeting ID, telephone numbers, location text, audio and video data: you may have the option of using the chat function in an online meeting. To this extent, the text entries you make are processed in order to display them in the online meeting. You can switch off or mute the camera or microphone yourself at any time via the “Microsoft Teams” application.

Recording does not normally take place and is only permitted with consent (approval).

Automated decision-making within the meaning of Art. 22 GDPR is not used.

The legal basis for data processing when conducting online meetings is Art. 6 para. 1 lit. b) GDPR, insofar as the meetings are conducted in the context of contractual relationships.

If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) GDPR. We have an interest in the effective implementation of online meetings.

Personal data processed as part of participating in online meetings will not be disclosed to third parties unless this is specifically intended for disclosure.

Other recipients: the provider of “Microsoft Teams” necessarily obtains knowledge of the above-mentioned data, insofar as this is provided in the context of our order processing agreement with “Microsoft Teams”.

Disclaimer

The information contained on this website is subject to change without notice.

The information contained herein is only intended as a guide to the use of our products. Toshiba assumes no responsibility for any infringement of patents or other rights of third parties which may result from the use of this information. No license is granted, by implication or otherwise, under any patent or patent rights of Toshiba or others.

Toshiba products may not be embedded in downstream products, the manufacture and sale of which is prohibited by law or regulation.

Toshiba assumes no responsibility for incidental damages (including lost profits, business interruption, loss of business information and other pecuniary losses) arising from the use of or inability to use Toshiba products.

The products described in this document may contain products subject to foreign exchange and foreign trade laws.

The products described in this document may contain products subject to foreign exchange and foreign trade laws or regulations applicable in the EU, Germany, the U.S. or locally.

Deviations which are in violation of applicable foreign trade laws or regulations are prohibited.