In the following document we inform you about the processing of personal data when using our website, the contact form, as well as contacting us by telephone or in writing. Personal data is any information that relates directly or indirectly to a natural person.
In short, this document describes:
- How to contact us and our Data Protection Officer;
- What kind of personal data we are processing and why we do so;
- The legal basis on which we process your personal data;
- Who can access it, how long we keep it and where it comes from;
- How you can access to your personal data and how you can exercise other rights.
1. Data controller and data protection officer
Toshiba Railway Europe GmbH, Bunsenstraße 29, 24145 Kiel, Germany
You can reach our data protection officer via the following contact options:
TÜV Rheinland Industrie Service GmbH, Vogelsanger Weg 6, 40470 Düsseldorf, Germany
Phone: 0049 (0)211 3876 929-0
2. External Hosting
This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, contractual data, contact data, names, website accesses and other data generated via a website.
The hoster is used for the purpose of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f) GDPR). If a corresponding consent was requested, the processing is based exclusively on Art. 6 para. 1 lit. a) GDPR. The consent can be revoked at any time with effect for the future.
Our hoster will only process your data to the extent necessary to fulfill its service obligations and follow our instructions regarding this data. In this sense, an order processing contract has been concluded in accordance with Art. 28 GDPR.
We use the following hoster:
Revere Agency Ltd
Alexander House, Mere Park, Dedmere Road. Marlow SL7 1FX
3. Website in general
3.1 Purpose of processing / categories of personal data
When using the contact form, your individually entered personal data is processed, which cannot be monitored on the part of the controller. When using the contact form, please consider data minimization.
SSL encryption is used to protect your personal data.
3.2 Lawfulness of the processing
Personal data is processed in order to display our website to you and to ensure stability and security. The lawfulness of the processing is based on a legitimate interest according to Art. 6 para. 1 lit. f) GDPR.
3.3 Deletion of the data
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.
When using our website, technically necessary cookies are stored on your computer. Cookies are small text files that are filed and stored on a computer system via the browser. Cookies are used to make it easier for you to use the site, e.g. language settings.
4.2 Borlabs Cookie
This website uses Borlabs Cookie, which sets a technically necessary cookie (borlabs-cookie) to store your cookie consent. The use is based on a legal obligation (Art. 6 para. 1 lit c) GDPR). Borlabs cookie does not process any personal data.
The cookie “borlabs-cookie” cookie stores your consents that you gave when entering the website. If you wish to revoke these consents, simply delete the cookie in your browser. When you re-enter/reload the website, you will be asked again for your cookie consent.
4.3 The Events Calendar
To inform you about upcoming events, the plug-in events Calendar is in use. This is only a calendar overview. You also have the option to register for an event. The processing is based on consent (Art. 6 para. 1 lit a) GDPR) and can be revoked at any time with effect for the future.
- Your Address
- Phone number
- e-mail address
- Company name
The data will be deleted if it is no longer required to achieve the purpose for which it was collected.
For the personal data from the input mask of the event calendar, it is the case, if the registration is successful completed and the event is over.
4.4 IThemes Security
We have integrated IThemes Security on this website. The provider is IThemes Media LLC, 1720 South Kelly Avenue Edmond, OK 73013, USA (hereinafter “IThemes Security”).
IThemes Security is used to protect our website from unwanted access or malicious cyberattacks. For this purpose, IThemes Security collects, among other things, your IP address, time and source of login attempts and log data (e.g. the browser used). IThemes Security is installed locally on our servers.
The use of IThemes Security is based on Art. 6 para. 1 lit. f) GDPR. The website operator has a legitimate interest in protecting its website from cyberattacks as effectively as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a) GDPR and § 25 para. 1 TTDSG (German Law), insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.
4.5 Google Maps
This website is using the map service Google Maps of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. To use Google Maps, it is necessary to store the IP address. Usually, this information is sent to a Google server hosted in the USA. We have no influence on this processing.
Google Maps is used to show you a direct map section as part of the event plugin.
The processing is based on your consent according to Art. 6 para 1 lit. a) GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time with effect for the future. In case of a revocation, also the stored information’s will be deleted.
4.6 Fathom Analytics
The purpose of us using this software is to understand our website traffic in the most privacy-friendly way possible so that we can continually improve our website and business. The lawful basis as per the GDPR is “Article 6(1)(f); where our legitimate interests are to improve our website and business continually.” As per the explanation, no personal data is stored over time.
5 Contact form and e-mail contact
5.1 Purpose of processing / categories of personal data
A contact form is available on our website, which can be used for electronic contact. If you take advantage of this option, the data entered in the input mask will be transmitted to us and stored. These data are:
- First and last name
- E-mail address
- Organization / Company
- Address / postal code
- Telephone number
At the time of sending the message, the following data will also be stored:
Date and time of sending the request.
The processing of personal data from the input mask (contact form) serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems. The optional fields are only used for easier communication and are not mandatory.
5.2 Legitimacy of the processing
The legal basis for the processing is the legitimate interest of the controller according to Art. 6 Para 1 lit. f) GDPR to enable communication with the company. If the e-mail contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b) GDPR. In this context, the data will not be passed on to third parties. The data will be used exclusively for the processing of the request.
5.3 Deletion of data
The data will be deleted insofar as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, it is the case, if the respective conversation with the user has ended.
6 Processing of personal data of business partners
6.1 Purpose of processing / categories of personal data
In the context of a contractual relationship or a prior contractual relationship, we may process your name, title, function, professional contact data (address, e-mail, telephone number), bank details, data on creditworthiness and solvency, information in accordance with the declaration of suitability, data in connection with the execution of the specific order and tax-relevant data.
Furthermore, your data may be used on the base of a consideration of interests to protect the legitimate interests of us or third parties. Especially the following interest must be considered:
- our overall business management and further development of services, systems and products;
- meeting internal requirements,
- insurance, for audit or administrative purposes;
- ensuring IT security and operations;
- asserting legal claims and defending legal disputes;
- prevention and investigation of criminal offences, risk management.
6.2 Lawfulness of processing
Lawfulness of processing is the initiation or existence of a contractual relationship according to Art. 6 para. 1 lit. b) GDPR. Should a balancing of interests be carried out for the processing of personal data, lawfulness of the processing is based on a legitimate interest of the controller according to Art. 6 para 1) lit f) GDPR. The interests are described in the previous section.
Furthermore, if you have given your consent to the process of personal data, the lawfulness is a consent according to Art. 6 para. 1 lit. a) GDPR.
You may revoke your given consent at any time with effect for the future.
Our business is subject to various legal requirements (regarding technical audits, operational security, money laundering, taxes, etc.) as well as regulatory requirements and financial reporting obligations. To comply these legal requirements we may need to process personal data according to Art. 6 para. 1 lit. c) GDPR.
6.3 Source of personal data
We receive the personal data directly from the business relationship with you, with your employer or from your colleagues. Under certain circumstances, we may have received your data from third parties, e.g. from visitors at a trade fair.
6.4 Deletion of data
We will retain your data for as long as we need it for activities related to the existing contractual relationship between us, the establishment of new contractual relationships or to secure / defend us against legal claims.
Our documentation obligations, e.g. from the German Commercial Code, the German Fiscal Code and the Money Laundering Act, require us to retain the data for 5 to 10 years. The legal limitation periods, especially in the product liability business, require storages for up to 30 years.
7. Recipients of personal data
We may share your data with:
- Processors used by us (Art. 28 GDPR), in particular in the field of IT services and logistics, who process your data for us in accordance with instructions;
- Public bodies and institutions in the event of a legal or regulatory obligation;
- Our respective employees, consultants, representatives, agents, auditors, service providers, suppliers.
8. Transfer to third countries
We share personal data with our affiliated companies, including Japan. This is done on the basis of an adequacy decision of the EU Commission and a Toshiba Intra Group Data Sharing Agreement.
Furthermore, tools are used from companies based in the USA or other third countries that are not secure under data protection law. If these tools are active, your personal data may be transferred to these third countries and are processed in these countries. We would like to point out that no level of data protection comparable to that in the EU can be guaranteed in these countries. Therefore, it cannot be ruled out that US authorities (e.g. intelligence services) may process, evaluate and permanently store your data located on US servers for monitoring purposes. We have no influence on these processing activities.
9. Rights as a data subject
You have the following rights as a data subject:
- You have the right to obtain information about your processed personal data.
- You have the right to rectification or deletion of the personal data processed about you.
- You have the right to object to or restrict the processing of your personal data.
- You have the right to data portability of the personal data processed by you
Furthermore, you have the right to file a complaint at the supervisory authority:
Independent Centre for Data Protection Schleswig-Holstein (supervisory authority)
P.O. Box 71 16, 24171 Kiel
Tel.: 0431 988-1200, Fax: 0431 988-1223
10. Data protection regulations when using the tool “Microsoft Teams”
Through the company, the tool “Microsoft Teams” is used to perform telephone conferences, online meetings, video conferences and / or webinars (hereinafter: “online meetings”). “Microsoft Teams” is a service provided by Microsoft Corporation.
The Controller for data processing directly related to the conduct of “Online Meetings” is Toshiba Railway Europe GmbH.
Note: Insofar as you call up the “Microsoft Teams” Internet site, the “Microsoft Teams” provider is controller for data processing. However, calling up the Internet page is only necessary to download the software for using “Microsoft Teams”.
If you do not want to or cannot use the “Microsoft Teams” app, it is possible to use “Microsoft Teams” via your browser. The service will then also be provided via the “Microsoft Teams” website to this extent.
When using “Microsoft Teams”, various types of data are processed, depending in particular on what the respective participants discuss in the meeting.
The following personal data are subject to processing:
User details: e.g. display name (“Display name”), e-mail address if applicable, profile picture (optional), preferred language, meeting metadata such as date, time, meeting ID, telephone numbers, location Text, audio and video data: you may have the option of using the chat function in an “online meeting”. To this extent, the text entries you make are processed in order to display them in the “online meeting”. You can switch off or mute the camera or microphone yourself at any time via the “Microsoft Teams” applications.
Normally, recording does not take place and is only permitted with consent (approval).
Automated decision-making within the meaning of Art. 22 GDPR is not used.
The legal basis for data processing when conducting “online meetings” is Art. 6 para. 1 lit. b) GDPR, insofar as the meetings are conducted in the context of contractual relationships.
If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) GDPR. We have an interest on effective implementation of “online meetings”.
Personal data processed on the participation of “online meetings” will not be disclosed to third parties, unless they are specifically intended for disclosure.
Other recipients: The provider of “Microsoft Teams” necessarily obtains knowledge of the above-mentioned data, insofar as this is provided in the context of our order processing agreement with “Microsoft Teams”.
The information contained on this website is subject to change without notice.
The information contained herein is intended only as a guide to the use of our products. Toshiba assumes no responsibility for any infringement of patents or other rights of third parties which may result from the use of this information. No license is granted, by implication or otherwise, under any patent or patent rights of Toshiba or others.
Toshiba products may not be embedded in downstream products the manufacture and sale of which is prohibited by law or regulation.
Toshiba assumes no responsibility for incidental damages (including lost profits, business interruption, loss of business information and other pecuniary losses) arising out of the use or inability to use Toshiba products.
The products described in this document may contain products subject to foreign exchange and foreign trade laws.
The products described in this document may contain products subject to foreign exchange and foreign trade laws or regulations applicable in the EU, Germany, the U.S. or locally.
Detour in violation of applicable foreign trade laws or regulations is prohibited.