Business Partner Privacy Notice
Effective Date: 25 May 2018
This Business Partner Privacy Notice ("Privacy Notice") describes the types of Personal Data that Dana Incorporated and/or its direct and indirect subsidiaries ("Dana", "we" or "our") collects when you or the company you work or act for are/is doing business with Dana, how we use the information and with whom we may share it. This Privacy Notice also describes the measures we take to safeguard the Personal Data, the statutory rights you have regarding your Personal Data and how you can contact us about our privacy practices.
For the purposes of this Privacy Notice "Personal Data" means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
1. Personal Data we Collect
We use the Personal Data you or your company provide(s) to us in connection with any business related interaction between you or your company and Dana, regardless of whether the information is provided verbally (e.g. by telephone) or by writing (e.g. by email, fax, letter, SMS).
We collect the following categories of Personal Data:
- First and last name,
- Business telephone number, fax number, email address and other business contact information,
- Job title,
- Content of written communication (correspondence by email, letter, fax, etc.).
2. How we use the Personal Data we Collect
We process the Personal Data collected for the following purposes ("Processing Purposes"):
- To enter into a contract with you or your company;
- To perform a contract with you or your Company;
- To communicate with you or your company in the context of the establishment or performance of our business relationships with you or your company;
- To carry out a supplier due diligence
You are neither contractually nor legally obliged to provide your Personal Data indicated above (Section 1). However, if you do not provide your Personal Data, it may not be possible for us to achieve the Processing Purposes.
3. Legal Bases for Processing Your Personal Data
We will process your Personal Data on the basis of one or more of the following legal grounds:
- The processing is necessary for Dana's and - as applicable - your company's legitimate interests in entering or performing a contract or commencing contractual negotiations between Dana and your company as well as communicating with each other in this context (Art. 6 (1) (f) GDPR);
- The processing is necessary for Dana's legitimate interest in complying with legal requirements, in particular with obligations under applicable data protection laws and regulations (Art. 6 (1) (f) GDPR);
- The processing is necessary for compliance with a legal obligation to which Dana is subject (Art. 6 (1) (c) GDPR).
4. Sharing of Personal Data
We do not sell or otherwise disclose Personal Data we collect about you, except as described in this Privacy Notice. We may share your Personal Data with other entities of the Dana group of companies when it is necessary for achieving the Processing Purposes. View a full list with the entities.
Further, we may share your Personal Data with our service providers who perform services and other business operations for us for the Processing Purposes. The service providers belong to the following categories: IT services, data base hosting, CRM systems, supply chain management services, accountants, legal advisors, tax advisors.
We also may disclose information about you (i) if we are required to do so by law, regulation or legal process (such as a court order or subpoena), (ii) in response to requests by government agencies, such as law enforcement authorities, or (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity. Within the scope of applicable data protection laws we may transfer any information we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution or liquidation).
5. International Data Transfers
The recipients we share your Personal Data with (as described in Section 4) may be located in countries outside the EU/EEA that are not regarded as providing the same level of protection for Personal Data as provided by the data protection laws applicable to the processing of your Personal Data by us according to this Privacy Notice, in particular EU data protection laws. We have put in place appropriate safeguards (such as EU standard contractual clauses) in accordance with applicable legal requirements to provide adequate protections for your Personal Data. For more information on the appropriate safeguards in place and to collect a copy of such safeguards, please contact us at the contact information set forth below under Section 9.
6. No Automated Decisions About You
We do not carry out any decision making based solely on automated processing of Personal Data collected under this Privacy Notice, including profiling.
7. Your Rights Regarding Your Personal Data
Under applicable statutory data protection laws, you may have the right to:
- Access your Personal Data as well as to collect a copy of such Personal Data (right of access);
- Have inaccurate Personal Data rectified and, taking into account the purpose of the processing, supplement incomplete Personal Data concerning you (right of rectification);
- Have your Personal Data erased to the extent permitted by applicable data protection law (right to erasure; "right to be forgotten");
- Restrict processing of your Personal Data to the extent permitted by law (right to restriction of processing); and
- Receive Personal Data which you have provided to us in a structured, commonly used and machine-readable format and to transmit such Personal Data to another controller without restriction by us and, where technically feasible, to have such data transmitted directly from us to another controller to the extent permitted by law (right to data portability).
Further, under applicable statutory data protection laws, you may have the right to object, on grounds relating to your particular situation, to the processing of your Personal Data to the extent permitted by law. If your personal data is processed by us for direct marketing purposes – which is currently neither done nor planned – you can object to the processing for the purpose of such marketing in any case (right to object).
In order to exercise your rights, you may use the contact details set out below under section 9. In addition and without prejudice to any other rights, you have the right to lodge a complaint with a supervisory authority.
We encourage you to contact us at the contact information set forth below to update or correct your Personal Data if it changes or if the Personal Data we hold about you is inaccurate. Please note that we may require additional information from you in order to honor your requests.
If you would like to discuss or exercise any rights you may have under law, please contact us at the contact information set forth below under section 9.
8. How we Protect Personal Data and How Long it is Stored
We maintain administrative, technical and physical safeguards designed to protect your Personal Information against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.
We store your Personal Data as long as necessary for achieving the Processing Purposes (as indicated under Section 2), i.e. principally until the end of the business relationship with you or your company, and beyond as long as necessary to comply with statutory retention periods and to investigate or defend against potential legal claims.
9. How to Contact Us
Dana is the controller responsible for all Personal Data we collect under this Privacy Notice.
If you have any questions or concerns regarding the way in which we processes your Personal Data or questions or comments about this Privacy Notice, or if you would like us to update information we have about you, please contact us under:
Dana Incorporated
Attention: Corporate Communications
3939 Technology Drive
Maumee, Ohio
43537, USA
10. Changes to this Privacy Notice
We may modify or update this Privacy Notice from time to time. If we make any revisions that materially change the ways in which we process your Personal Data, we will notify you of these changes before applying them to that Personal Data.