- Data controller and how to contact us
- Your right to rectification
- The information we collect about you
- How your personal data is collected
- How we will use your data
- Retention periods
- When we will disclose your data to third parties
- Website visitors
- How we protect your data
- Overseas transfers
- Your rights
- Links to other sites
This website is not intended for children and we do not knowingly collect data about children.
1. Data controller and how to contact us
The Mitsubishi Heavy Industries Group (MHI Group) entities, including MHI-EMEA, responsible for your personal data are regulated as controllers under applicable data protection laws.
Details of the controlling entities and how to contact them are set out below.
For the processing of personal data in relation to MHI-EMEA’s UK operations, Mitsubishi Heavy Industries EMEA, Ltd. is the data controller.
The Head of the Legal Department at MHI-EMEA is the responsible individual for overseeing questions in relation to privacy matters. If you have any questions about UK processing activities, including any requests to exercise your data protection rights, please contact them using the details set out below:
Addressee: Head of Legal
Full name of legal entity: Mitsubishi Heavy Industries EMEA, Ltd.
Postal address: Building 11 Chiswick Park, 566 Chiswick High Road, London, W4 5YA
Tel: +44(0)20 3480 7515
For each of our German branches, the controller details are as follows:
- Munich branch office: the data controller is the MHI-EMEA Munich branch office located at Sonnenstraße 32, 80331 München, Germany.
- Erlangen branch office: the data controller is the MHI-EMEA Erlangen branch office located at Hauptstraße. 40, 91054 Erlangen, Germany.
- Dusseldorf branch office: the data controller is the MHI-EMEA Dusseldorf branch office located at Kennedydamm 19, 40476 Düsseldorf, Germany.
The Data Protection Officer responsible for the Munich, Erlangen and Dusseldorf branches is Mr. Thorsten Feldmann, Christinenstr. 18/19, 10119 Berlin, Germany
Tel: +49 30 443 765 0.
For the processing of personal data in the context of MHI-EMEA's Brussels liaison office, the data controller is the MHI-EMEA Brussels liaison office located at Rue Froissart 95, 1040 Brussels, Belgium.
If you have any questions about the Brussels liaison office's processing activities, including any requests to exercise your data protection rights, please contact the Head of the Legal Department at MHI-EMEA using the details set out below.
Addressee: Head of Legal
Full name of legal entity: Mitsubishi Heavy Industries EMEA, Ltd.
Postal address: Building 11 Chiswick Park, 566 Chiswick High Road, London, W4 5YA
Tel: +44 (0)20 3480 7515
- The Netherlands:
For the processing of personal data in the context of MHI-EMEA’s Dutch branch, Mitsubishi Heavy Industries EMEA, Ltd., Corrugating & Printing Machinery Division is the controller. If you have any questions about the Dutch branch’s processing activities, including any requests to exercise your data protection rights, please contact them using the details set out below.
Address: Splijtbakweg 115, Almere, The Netherlands
- You have the right to make a complaint at any time to the relevant local data protection authority:
- UK: the Information Commissioner's Office (www.ico.org.uk).
- Germany (Munich / Erlangen Branches): Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
- Germany (Dusseldorf Branch): North Rhine-Westphalia DPA (https://www.ldi.nrw.de/index.php)
- Belgium: the Belgian Data Protection Authority (https://www.dataprotectionauthority.be/citizen)
- The Netherlands: the Autoriteit Persoonsgegevens (https://www.autoriteitpersoonsgegevens.nl/)
- Other EEA Member States: see the list of relevant supervisory authorities https://edpb.europa.eu/about-edpb/board/members_en
- We would, however, appreciate the chance to deal with your concerns before you approach the data protection authority, so please contact us in the first instance using the details above.
2. Your right to rectification
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us (Art. 16 GDPR).
3. The information we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you, such as:
- Identity Data, including first name, last name.
- Contact Data, including company, country of residence, email address and telephone numbers.
- Careers Data, including your job title, job application data (please see Group Privacy Notice for job applicants).
- Profile Data, including the product/service area(s) which interest you.
We do not normally collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
4. How your personal data is collected
We may collect and process the following information about you:
- Information that you give us. This is information about you that you give to us when visiting our website, giving us a business card (or similar), filling in forms that we ask you to complete or corresponding with us by telephone, post, email or otherwise. It may include, for example, your Identity Data, Contact Data, Careers Data and Profile Data. If you have given us your consent to the processing of personal data for certain purposes, the lawfulness of this processing is given on the basis of your consent (Art. 6(1)(a) GDPR). Your consent can be revoked at any time. Please note that the revocation will only take effect for the future. Processing that took place before the revocation is not affected by this.
- Other information: We may also collect some information from other sources. For example:
- If we have a business relationship with the organization that you represent, your colleagues or other business contacts may give us information about you such as your Identity Data, Contact Data, Careers Data or Profile Data.
- We sometimes collect information from third party data providers or publicly available sources for anti-money-laundering, background check and similar purposes, and to protect our business and comply with our legal and regulatory obligations.
5. How we will use your data
We have set out in the table below a description of the ways we plan to use your personal data and which legal bases we rely on to do so. We have identified what our legitimate interests are where appropriate.
|Purpose/Activity||Type of data||Lawful basis for processing including basis of legitimate interest|
To operate, manage, develop and promote our business and, in particular, our relationship with the organization you represent and related transactions
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. You can contact us for more information about this. If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so (Art. 13(3) and Art. 14(4) GDPR).
6. Retention periods
We will retain and process your data for as long as we require it for the purposes for which it was collected or as is otherwise required by applicable law. To determine the appropriate retention period for your personal data, we consider the amount, nature and sensitivity of the personal data, the risk of potential harm from its unauthorised use or disclosure, the purposes for which we process it, whether we can achieve our purposes through other means, and the applicable legal requirements.
Where necessary, we process and store your personal data for the duration of our contractual relationship, which includes, for example, the initiation and execution of a contract. It should be noted that our contractual relationship may, depending on the individual case, be a continuing obligation for a number of years. For contractual relationships, but also for other civil law claims, the storage period also depends on the statutory limitation periods. In addition, we are subject to various storage and documentation obligations, including those arising from the applicable law. If you require more specific information on retention periods please ask and we will provide you with our country-specific retention schedule.
Once your personal data is no longer needed, we will securely delete or anonymise it. We may continue to use anonymised data, which cannot be associated with you, for research or statistical purposes.
7. When we will disclose your data to third parties
- our business customers, partners, suppliers, agents, sub-contractors and service providers in order to provide our services (for example where we enter into agreements with third parties who provide services to us or on our behalf) (Art. 6(1)(f) GDPR);
- public bodies, authorities etc. in order to comply with applicable local law; and
- professional advisers such as lawyers and accountants.
We may also disclose data we collect to third parties:
- if we undergo a change of control or any of our business or assets are sold or transferred (in which case we may disclose your data to the prospective seller, buyer or their representatives);
- if we or substantially all of our assets are acquired by a third party, in which case information held by us about our website users will be one of the transferred assets; or
- if we are under a duty to disclose or share your information in order to comply with any legal obligation or legal process (for example, a court order), or in order to enforce or apply our contractual rights or any other agreement; in order to protect the rights, property, or safety of our website users, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. Where parties qualify as data processors, we insist that they enter into a contract that protects your information and only permit them to process your personal data for specified purposes in accordance with our instructions.
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.
Promotional offers from us. For certain enquiries about specific products and/or services, we may use your Identity, Contact and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products and/or services may be relevant for you. You will receive marketing communications from us if you have requested information from us and have not opted out of receiving that marketing.
Opting out. You can ask us to stop sending you marketing messages at any time by contacting us in accordance with section 1 above or by using the unsubscribe link in any of our emails.
9. Website visitors
10. How we protect your data
We have implemented appropriate technical and organisational measures to safeguard your personal data and we have put in place security procedures and technical and organisational measures to do so. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. However, you should be aware that the use of the Internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data which is transferred from you or to you via the Internet.
11. Overseas transfers
The data you provide may be transferred to countries outside the UK or European Economic Area (EEA), especially for the purpose of the performance of a contract, personal data may be transferred to other companies of the MHI Group based outside the UK or EEA. Click here to see a list of the relevant MHI Group entities along with their contact details.
Data transfers will only take place on the basis of a UK or EU adequacy decision of the Commission or on the basis of approved standard contractual clauses or other lawful transfer mechanisms.
All the companies in the MHI Group with which your personal data may be shared have entered into data sharing agreements with the relevant data controller which satisfy the requirements of data protection laws with respect to intra-group transfers and include, where appropriate, approved standard contractual clauses. Please contact us if you want further information on (or a copy of) the specific mechanism used by us when transferring personal data out of the UK or EEA.
12. Your rights
In some circumstances you have rights in relation to the personal data we hold about you. Please contact us using the contact details above if you wish to exercise any of these rights.
- Request access to your personal data (commonly known as a "data subject access request" pursuant to Art. 15 GDPR). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you (Art. 16 GDPR). This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data (commonly known as the "right to be forgotten" pursuant to Art. 17 GDPR). This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms (Art. 21 GDPR). You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your personal data (Art. 18 GDPR). This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party (Art. 20 GDPR). We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data (Art. 7 para. 3 GDPR). However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products and/or services to you. We will advise you if this is the case at the time you withdraw your consent.
Irrespective of the foregoing, you have the right to lodge a complaint with a supervisory authority - in particular in the UK or in the EEA Member State where you reside, your place of work or the place where the alleged infringement is suspected - if you are of the opinion that the processing of your personal data violates the GDPR or other applicable local data protection laws. See section 1 above for details of relevant supervisory authorities.
You will not usually have to pay a fee to exercise these rights but if your request is clearly unfounded, repetitive or excessive, we may charge a reasonable fee (or refuse to comply with your request). We may need specific information from you to help us confirm your identity and to speed up our response; this helps keep your personal data safe and speeds up our response to your request. We try to respond to all legitimate requests within one month but this period may be longer if your request is particularly complex or you have made multiple requests; we will notify you in this case.
13. Links to other sites