Privacy policy for www.business-partner.kaufland.ro

We take the protection of your personal data very seriously and strive to provide you with comprehensive information about the processing of your personal data.

If you are a business partner of the Kaufland Group or a legal representative, employee, shareholder, partner or ultimate beneficial owner of a business partner, the following privacy policy applies to you when you use the Business Partner Portal and when you visit our website at www.business-partner.kaufland.ro. Business partners are legal entities or natural persons who are negotiating to enter into a business relationship with Kaufland or are already party to a business relationship with Kaufland. This definition expressly excludes agreements governing employment or training relationships.

The specific legal bases are the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz).

Which data is processed in the individual case depends primarily on the agreed services. As a result, not all of this information will be relevant to you.

Kaufland Romania SCS

Str. Barbu Văcărescu, nr. 120-144

CP 020284, Bucuresti, sector 2

Telefon: 0372 090 000

E-mail: bpp.support@kaufland.com 

As a rule, the personal data of yours that we collect is obtained directly from you.

However, it may also be necessary to process personal data that we obtain from other companies, authorities or other third parties, such as credit agencies, tax offices and the like. This may include personal data that we obtain through our whistleblower channels about potential compliance violations or in the context of compliance investigations.

 The type of personal data may include: personal details (e.g., first name, last name, address, global location number (GLN), telephone and mobile number, e-mail address, position/role, date and place of birth, language and nationality), identification and authentication data (e.g., commercial register excerpts, I.D. data, specimen signature), data within the scope of our business relationship (e.g., payment data, data on orders), creditworthiness data, data on corporate and ownership structure, photos and videos (e.g., with deliveries of goods) and other data comparable to the aforementioned categories.

You may elect to communicate with us by e-mail or mail. For technical reasons, e-mail communications may be unencrypted.

For the performance of contractual obligations (Article 6(1)(b) GDPR)

The purposes of processing follow from the need to take steps prior to entering into a contract, in advance of a contractual business relationship and to perform obligations under an existing contract.

For compliance with a legal obligation (Article 6(1)(c) GDPR)

The purposes of processing follow from statutory requirements in the individual case. Such legal obligations include, e.g., complying with retention and identification obligations, e.g., in the context of anti-money laundering requirements, tax monitoring and reporting requirements and data processing in the context of requests from authorities.

For the purposes of legitimate interests (Article 6(1)(f) GDPR)

It may be necessary to process the personal data you provide for purposes beyond the actual performance of the contract. Legitimate interests in this case include, in particular, selecting suitable business partners, conducting surveys for assessing our Company's quality assurance processes, sending an invitation e-mail to provide feedback via your contact at Kaufland – if you indicate in advance your willingness to participate, storing and using the details of contact persons, digitizing files and incoming mail, avoiding economic detriment, allocating work products to individual business partners, recording business transactions, negotiating with contact partners who are not or will not become direct business partners, issuing invitations to events, asserting legal claims, avoiding legal detriment (e.g., in the case of insolvency), conducting identity checks (e.g., money transport companies), defending against threats and liability claims and avoiding legal risks, protecting our IT infrastructure, managing access permissions for our systems, physical and data access controls, clarifying potential compliance violations, preventing crimes, settling claims arising out of the business relationship and other internal administrative purposes.

At the time of contracting, we occasionally obtain data on your credit history from credit agencies to serve the aforementioned legitimate interests. We use the credit history information from the credit agencies to assess your creditworthiness. Credit agencies store data that they receive from banks or companies, for example. Such data includes in particular last name, first name, date of birth, address and information on payment history. Information on the data stored about you can be obtained directly from the credit agencies.

If you accept our offer of contract by means of digital signature (e.g., Adobe Sign), we process your data, such as in particular e-mail address, IP address as well as the time and date of any modifications you make to the respective contract document, for instance when you approved, displayed or digitally signed it. We have a legitimate interest in ensuring that the process for signing contracts digitally is fast and efficient and that the signing process can be logged for verification purposes.

Certain contracts may also be signed using a so-called qualified electronic signature. In this case we also process the certificate data associated with your signature in addition to the aforementioned data. We have a legitimate interest in being able to verify whether you are able to provide a valid qualified electronic signature serving to replace any written form prescribed by statute. To use a qualified electronic signature, you must independently register with a trust service provider (e.g., D-TRUST/Bundesdruckerei). When you register, the respective provider will process your data under its own responsibility and not on our behalf, however.

Within our company, access to the data provided by you will be granted to those departments that require such data for the purposes of performing contractual obligations, complying with legal obligations or serving legitimate interests. In the context of the contractual relationships, we also engage processors or service providers who may be given access to your personal data. Their compliance with data protection requirements is ensured by contractual agreement.

In addition, the data may be transferred to Schwarz Group companies for purposes of performing contractual obligations.

In the case of contracts executed by digital signature, your data is also accessible to all persons involved in the approval and signing of the contract, as they receive a log after the contract has been signed indicating all processing steps, including e-mail address, IP address, date and time. Your data may also be accessible to the respective service providers that we use for the relevant digital signature procedure. In the case of Adobe Sign, this would be Adobe Systems Software Ireland Limited, 4-6 Riverwalk, City West, Business Campus, Saggart D24, Dublin, Ireland.

If a qualified electronic signature is used to execute digital contracts, your data will also be accessible to D-Trust GmbH, Kommandantenstraße 18, 10969 Berlin, Germany, which is the provider responsible for checking the validity of the signature.

The personal data will be stored for as long as necessary for fulfilling the above-mentioned purposes. Particularly relevant in this context are the statutory retention obligations under the German Commercial Code (Handelsgesetzbuch – HGB) and the German Fiscal Code (Abgabenordnung – AO).

Within the scope of our business relationship, you must provide us with the personal data needed to commence, execute and terminate a business relationship and to perform the obligations associated therewith, which we are legally obligated to collect or are entitled to collect on the basis of legitimate interests. Without such data, we would generally not be able to enter into a business relationship with you.

If we transfer personal data to recipients outside the European Economic Area (EEA), the transfer will only take place if an adequate level of data protection has been confirmed for that third country by the EU Commission, if an adequate level of data protection has been agreed with the data recipient (e.g., by means of EU standard contractual clauses and transfer impact assessment) or if we have received your consent.

We use cookies on the landing page www.business-partner.kaufland.ro for the Business Partner Portal. No cookies are used in the Business Partner Portal itself.

The purpose of cookies is to personalize the user's website experience and make the site easier to use. Cookies do not cause any harm to your end device, nor do they contain any viruses, trojans or other malware. Cookies are small text files that the website places in the Internet browser's cookie file on the user's device. They are stored there for later retrieval in order to recognize the user when they visit the site again. A cookie typically contains the name of the domain from which it originates, its expiry date and a unique identifier.

Cookies and the other technologies employed to process usage data are used for the following purposes, depending on their category:

• Technically necessary: These are cookies and similar technologies that are necessary for you to use our services (e.g., to correctly display our website/the functions requested by you, or to record you signing in).
• Preferences: Using these methods, we can take into account your actual or perceived preferences to enhance the user experience. For example, we can use your settings to display our website in your language.
• Statistics: Using these methods, we can capture anonymized statistics on how our services are used. In this way we can target our services. Statistics can also be used to determine how to better adapt our website to user habits.
• Marketing: We can display relevant advertising content based on an analysis of your usage behavior. The user ID (unique identifier) means that your usage behavior can be tracked across multiple websites, browsers or devices.

Depending on the purpose, the use of cookies and similar technologies to process usage data extends to the following types of personal data in particular:

Technically necessary:

• User inputs to store inputs over multiple sub-pages;
• Authentication data to identify a user after they have logged on so that authorized content (e.g., in the business partner account) can be accessed on subsequent visits;
• Security-related events (e.g., identifying repeat failed log-in attempts);
• Data to play back multimedia content (e.g., to play (product) videos of your choice).

Preferences:

• Settings to customize the user interface that are not linked to a persistent identifier (e.g., active language selection).

Statistics:

• Pseudomized user profiles with information on the usage of our websites. These contain in particular:
  • browser type/version;
  • operating system used;
  • referrer URL (i.e., the previously visited page);
  • host name of the device used for access (IP address);
  • time of the server request;
  • individual user ID; and
  • activities on the websites (browsing behavior).
• The IP address is routinely anonymized, i.e., in principle you can no longer be identified.
• We only store the user ID together with other data you provide (e.g., name, e-mail address) if you give us separate express permission to do so. We cannot identify you based on the user ID alone.

Marketing:

• Pseudomized user profiles with information on the usage of our websites. These contain in particular:
  • IP address;
  • individual user ID;
  • products that might be of interest to you; and
  • activities on the websites (browsing behavior).
• IP addresses are routinely anonymized, i.e., in principle you can no longer be identified.
• We only store the user ID together with other data you provide (e.g., name, e-mail address) if you give us separate express permission to do so. We cannot identify you based on the user ID alone. In theory, we can share the user ID and associated user profiles with third parties via the providers of advertising networks.

The legal basis for using cookies to store preferences, for statistics and for marketing processes, and for using similar technologies is your consent pursuant to Article 6(1)(a) GDPR. The legal basis for using technical cookies and similar technologies is Article 6(1)(b) GDPR, in other words we process your data so as to be able to provide our services in the context of steps prior to entering into a contract and in performing the contract.

You can object to this data collection and storage at any time with effect for the future. To do so, please click on this link and confirm your objection on the page it redirects you to.

Purpose of processing/legal basis: This website uses the Adobe Analytics web analytics service to analyze user access to the website. The data is processed on basis of your consent (Article 6 (1) (a) GDPR, § 25 (1) TTDSG). We use information generated during your use of our web pages (namely, the page from which the file was requested, the name of the file, the date and time of the request, the volume of data transferred, the access status such as "file transferred", "file not found", etc., a description of the type of web browser used and an anonymized IP address – truncated by the last three digits) for purposes of user navigation, statistical analyses, adapting our web pages to your needs, displaying ads on the website (displaying product information on the relevant buttons on this website that reflect your click behavior on www.business-partner.kaufland.ro) and to identify and protect against abnormal website traffic. For this purpose, we use cookies that control your connection to our web pages during the session. A permanent cookie is set in your web browser by our provider Adobe Systems GmbH to create a pseudonymized user profile, which allows your browser to be recognized the next time you visit the website for purposes of advertising, market research and/or tailoring our website to users' needs.

The information stored on the Adobe servers cannot be used to directly identify you because Adobe Analytics is used with the settings "Before Geo-Lookup: Replace visitor's last IP octet with 0" and "Obfuscate IP-Removed". The setting "Before Geo-Lookup: Replace visitor's last IP octet with 0" ensures that the IP address is anonymized before geolocation by replacing the last octet of the IP address with zeros. The user's approximate location is added to the tracking packet, which still contains the full IP address, for purposes of statistical analysis. Before the tracking packet is stored, the IP address is then replaced with a single fixed IP address referred to as a generic IP address if the "Obfuscate IP-Removed" setting is configured. This means that the IP address is no longer included in a stored data record.

The data collected using Adobe Analytics technology is not used to personally identify visitors to this website. Nor is the usage data stored in the cookie merged with personal data about the bearer of the pseudonym. To prevent general tracking by Adobe, simply click on this link and confirm your objection on the page it redirects you to. In this case, Adobe will place a permanent "Do not track" cookie in your browser so that the Adobe technology is no longer used.

Recipients/categories of recipient: Insofar as Adobe or other technical service providers have access to your data for support purposes, data processing agreements in accordance with Article 28 GDPR have been concluded.

Pursuant to Article 15(1) of the GDPR, you have the right to request information, free of charge, on the personal data stored about you at Kaufland.

If the statutory requirements are met, you also have a right to rectification (Article 16 GDPR), erasure (Article 17 GDPR) and restriction of processing (Article 18 GDPR) of your personal data.

If the basis of processing is Article 6(1)(e) or (f) GDPR, you have a right to object under Article 21 GDPR. If you object to processing, your data will no longer be processed thereafter, unless the controller demonstrates compelling legitimate grounds for the processing which override the interests of the data subject in the objection.

If you have provided the processed data yourself, you have a right to data portability under Article 20 GDPR.

If the data processing is carried out on the basis of consent granted under Article 6(1)(a) or Article 9(2)(a) GDPR, you may revoke that consent at any time with effect for the future without this affecting the lawfulness of the previous processing.

In the above-mentioned cases, or if you have questions or complaints, please write to or e-mail the data protection officer.

You also have a right to lodge a complaint with a data protection supervisory authority. The data protection supervisory authority located in the state in which you live or where the controller is domiciled has jurisdiction.

E-mail: protectiadatelor@kaufland.ro

Adresă poștală:

Kaufland Romania SCS

Str. Barbu Văcărescu, nr. 120-144, Sector 2, București

În atenția responsabilului cu protecția datelor