개인정보 처리방침

<아데카코리아(주)>('http://www.adekakorea.co.kr/'이하 '아데카코리아(주)')는 개인정보보호법에 따라 이용자의 개인정보 보호 및 권익을 보호하고 개인정보와 관련한 이용자의 고충을 원활하게 처리할 수 있도록 다음과 같은 처리방침을 두고 있습니다.
<아데카코리아㈜>는 회사는 개인정보처리방침을 개정하는 경우 웹사이트 공지사항(또는 개별공지)을 통하여 공지할 것입니다.
○ 본 방침은부터 2020년 11월 1 일부터 시행됩니다.

1. 개인정보의 처리 목적
<아데카코리아㈜>는 개인정보를 다음의 목적을 위해 처리합니다. 처리한 개인정보는 다음의 목적이외의 용도로는 사용되지 않으며 이용 목적이 변경될 시에는 사전동의를 구할 예정입니다.
• 민원사무처리 : 제보 또는 상담 진행에 따른 민원인의 신원 확인, 민원사항 확인, 사실조사를 위한 연락·통지, 처리 결과 전달 등을 목적으로 개인정보를 처리 및 보관합니다.


2. 개인정보 파일 현황
• 개인정보 항목 : 회사명, 이름, 이메일, 연락처 (사내 직통번호 또는 휴대 전화번호)
• 수집방법 : 홈페이지 접수, 전화, 팩스
• 보유기간 : 목적 달성 완료


3. 개인정보의 처리 및 보유 기간
① <아데카코리아㈜>는 법령에 따른 개인정보 보유·이용기간 또는 정보주체로부터 개인정보를 수집시에 동의 받은 개인정보 보유,이용기간 내에서 개인정보를 처리,보유합니다.
② <민원사무 처리>와 관련한 개인정보는 수집.이용에 관한 동의일로부터 목적 달성 완료시까지 위 이용목적을 위하여 보유.이용됩니다.


4. 정보주체와 법정대리인의 권리·의무 및 그 행사방법 이용자는 개인정보주체로써 다음과 같은 권리를 행사할 수 있습니다.
① 정보주체는 아데카코리아(주)에 대해 언제든지 개인정보 열람,정정,삭제,처리정지 요구 등의 권리를 행사할 수 있습니다.
② 제1항에 따른 권리 행사는 아데카코리아(주)에 대해 개인정보 보호법 시행령 제41조제1항에 따라 서면, 전자우편, 모사전송(FAX) 등을 통하여 하실 수 있으며 아데카코리아(주)는 이에 대해 지체 없이 조치하겠습니다.
③ 제1항에 따른 권리 행사는 정보주체의 법정대리인이나 위임을 받은 자 등 대리인을 통하여 하실 수 있습니다. 이 경우 개인정보 보호법 시행규칙 별지 제11호 서식에 따른 위임장을 제출하셔야 합니다.
④ 개인정보 열람 및 처리정지 요구는 개인정보보호법 제35조 제5항, 제37조 제2항에 의하여 정보주체의 권리가 제한 될 수 있습니다.
⑤ 개인정보의 정정 및 삭제 요구는 다른 법령에서 그 개인정보가 수집 대상으로 명시되어 있는 경우에는 그 삭제를 요구할 수 없습니다.
⑥ 아데카코리아(주)는 정보주체 권리에 따른 열람의 요구, 정정·삭제의 요구, 처리정지의 요구 시 열람 등 요구를 한 자가 본인이거나 정당한 대리인인지를 확인합니다.


5. 처리하는 개인정보의 항목 작성
① <아데카코리아㈜>는 다음의 개인정보 항목을 처리하고 있습니다.
• 필수 사항 : 회사명, 이름, 이메일, 연락처 (사내 직통번호 또는 휴대 전화번호)


6. 개인정보의 파기
① <아데카코리아㈜>는 원칙적으로 개인정보 처리목적이 달성된 경우에는 지체없이 해당 개인정보를 파기합니다.
② 종이에 출력된 개인정보는 분쇄기로 분쇄하거나 소각하며 전자적 파일 형태의 정보는 기록을 재생할 수 없는 기술적 방법을 통해 삭제합니다.


7. 개인정보 자동 수집 장치의 설치•운영 및 거부에 관한 사항
<아데카코리아㈜>는 개인화되고 맞춤화된 서비스를 제공하기 위해서 이용자의 정보를 저장하고 수시로 불러오는 ‘쿠키 (cookie)’를 사용합니다.
- 쿠키란?
쿠키는 웹사이트를 운영하는데 이용되는 서버가 이용자의 브라우저에게 보내는 아주 작은 텍스트 파일로 이용자의 컴퓨터 하드디스크에 저장됩니다.
- 쿠키의 사용 목적
① 이용자가 웹사이트에 방문할 경우 웹사이트 서버는 이용자의 하드디스크에 저장되어 있는 쿠키의 내용을 읽어 이용자의 환경설정을 유지하고 맞춤화된 서비스를 제공하기 위해 이용됩니다. 또한, 이용자의 웹사이트 방문 기록, 이용 형태를 통해서 최적화된 광고 등 맞춤형 정보를 제공하기 위해 활용됩니다.
② 이 웹사이트는 구글의 웹 분석 서비스인 ‘구글 애널리틱스’를 사용합니다. 구글 애널리틱스의 사용으로 발생하는 고객의 웹사이트 사용에 관한 정보는 미국의 구글 서버로 전송되어 저장됩니다. 이때 수집되는 쿠키 정보는 이용자의 컴퓨터를 식별할 수는 있지만 회원 개개인의 정보를 식별하지는 않습니다.
- 쿠키 수집 거부
쿠키는 이름, 전화번호 등 개인을 식별하는 정보를 자동적/능동적으로 수집하지 않으며, 아래와 같은 방법으로 이용자가 언제든지 이러한 쿠키의 저장을 거부하거나 삭제할 수 있습니다. 다만, 쿠키의 저장을 거부할 경우 일부 서비스에 대한 이용에 어려움이 있을 수 있습니다.
• Internet Explorer의 경우 : 웹 브라우저 상단의 도구 메뉴 > 인터넷 옵션 > 일반 > 검색 기록 > 쿠키 삭제
• Chrome의 경우 : 웹 브라우저 방문 기록 메뉴 > 인터넷 기록 삭제
• 안드로이드의 경우 : 설정 > Google 설정 > 광고 > 광고 개인 최적화 선택 해제 활성화
• 아이폰의 경우 : 설정 > 개인정보보호 > 광고 > 광고 추적 제한 활성화


8. 유럽연합 일반 데이터 보호 규정 (General Data Protection Regulation, GDPR)의 법률 준수에 관한 사항
① <아데카코리아㈜>는 개인정보 보호권리와 정보 보안 및 규정 준수를 위해 유럽연합 일반 데이터 보호 규정 (GDPR)이 적용됩니다. 이에 따라 유럽연합 내 이용자가 서비스를 이용하는 경우 아래 내용이 적용될 수 있습니다.
• 정보주체의 동의 : 사용자가 하나 이상의 특정 목적을 위해 개인 데이터를 처리하는 데에 필요하며, 이에 동의하였습니다.
• 정보주체와의 계약의 체결 및 이행을 위한 경우 : 개인 데이터의 제공은 사용자와의 계약 이행 및/또는 그 사전 계약 의무에 필요합니다.
• 법적 의무사항 준수를 위한 경우 : 개인 데이터 처리는 회사가 적용되는 법적 의무를 준수하기 위해 필요합니다.
• 정보주체의 중대한 이익을 위해 처리가 필요한 경우 : 개인 데이터 처리는 공익 또는 회사에 부여된 공권력의 행사에 의해 수행되는 업무와 관련이 있습니다.
• 회사의 적법한 이익 추구를 위한 경우 : 개인 데이터 처리는 회사가 추구하는 합법적 이익의 목적을 위해 필요합니다.

② <아데카코리아㈜>는 이용자의 개인정보를 소중하게 보호합니다. 유럽연합 일반 데이터 보호 규정(GDPR)에 적용되는 법률에 따라 아래와 같이 권리 보장에 대해 제기할 수 있습니다.
• 사용자의 개인 데이터 삭제 요청 : 사용자는 당사가 개인 데이터를 계속 처리해야 할 정당한 이유가 없는 경우 당사에 개인 데이터를 삭제하도록 요청할 권리가 있습니다.
• 사용자의 개인 데이터 처리에 대한 반대 : 사용자는 개인 데이터 사용에 대한 사용자의 동의를 철회할 권리가 있습니다.

③ 위와 관련하여 발생한 모든 정보주체의 문의는 서면, 전화 또는 이메일을 통해 문의하실 수 있으며, <아데카코리아㈜>는 해당 사항에 대해 지체 없이 답변 및 처리해드릴 것입니다.


9. 개인정보 보호책임자 작성
① <아데카코리아㈜>는 개인정보 처리에 관한 업무를 총괄해서 책임지고, 개인정보 처리와 관련한 정보주체의 불만처리 및 피해구제 등을 위하여 아래와 같이 개인정보 보호책임자를 지정하고 있습니다.
▶ 개인정보 보호책임자
• 성명 :. 장현제 (개인정보 보호 책임자/DPO)
• 메일 : contactus@adkk.co.kr
• 연락처 : 아데카코리아㈜ 서울 사무소 02)753-4278

② 정보주체께서는 <아데카코리아㈜> 의 서비스(또는 사업)을 이용하시면서 발생한 모든 개인정보 보호 관련 문의, 불만처리, 피해구제 등에 관한 사항을 개인정보 보호책임자 및 담당부서로 문의하실 수 있습니다. <아데카코리아㈜>는 정보주체의 문의에 대해 지체 없이 답변 및 처리해드릴 것입니다.

③ 기타 개인정보 침해에 대한 신고나 상담이 필요하신 경우 아래 기관에 문의하시기 바랍니다.
- 개인정보침해신고센터 (https://privacy.kisa.or.kr / 118)
- 대검찰청 인터넷범죄수사센터 (https://www.spo.go.kr / 02-3480-2000)
- 경찰청 사이버안전국 (https://cyberbureau.police.go.kr / 182)


10. 개인정보의 안전성 확보 조치
<아데카코리아㈜>는 개인정보보호법 제29조에 따라 다음과 같이 안전성 확보에 필요한 기술적/관리적 및 물리적 조치를 하고 있습니다.
① 개인정보 취급 직원의 최소화 및 교육 : 개인정보를 취급하는 직원을 지정하고 담당자에 한정시켜 최소화 하여 개인정보를 관리하는 대책을 시행하고 있습니다. 또한 개인정보의 안전한 처리를 위하여 내부관리계획을 수립하고 시행하고 있습니다.
② 해킹 등에 대비한 기술적 대책 : <아데카코리아㈜>는 해킹이나 컴퓨터 바이러스 등에 의한 개인정보 유출 및 훼손을 막기 위하여 보안프로그램을 설치하고 주기적인 갱신·점검을 하며 외부로부터 접근이 통제된 구역에 시스템을 설치하고 기술적/물리적으로 감시 및 차단하고 있습니다.
③ 개인정보의 암호화 : 이용자의 개인정보는 비밀번호에 의해 암호화 되어 저장 및 관리되고 있어, 본인만이 알 수 있으며 중요한 데이터는 파일 및 전송 데이터를 암호화 하거나 파일 잠금 기능을 사용하는 등의 별도 보안기능을 사용하고 있습니다.
④ 접속기록의 보관 및 위변조 방지 : 개인정보처리시스템에 접속한 기록을 최소 6개월 이상 보관, 관리하고 있으며, 접속 기록이 위변조 및 도난, 분실되지 않도록 보안기능 사용하고 있습니다.
⑤ 문서보안을 위한 잠금장치 사용 : 개인정보가 포함된 서류, 보조저장매체 등을 잠금장치가 있는 물리적 보관 장소를 별도로 두고 이에 대해 출입통제 절차를 수립, 운영하고 있습니다.


11. 개인정보 처리방침 변경
이 개인정보처리방침은 시행일로부터 적용되며, 법령 및 방침에 따른 변경내용의 추가, 삭제 및 정정이 있는 경우에는 변경사항의 시행 7일 전부터 공지사항을 통하여 고지할 것입니다.

DATA PROTECTION POLICY (GDPR Version)

ADEKA Corporation (the “Company”) and certain of its wholly or majority-owned entities below (collectively, the “Group”),

●  ADEKA CORPORATION
●  ADEKA Europe GmbH
●  ADEKA POLYMER ADDITIVES EUROPE SAS
●  ADEKA USA CORP.
●  ADEKA(SINGAPORE)PTE.LTD.
●  ADEKA (ASIA) PTE.LTD.
●  CHANG CHIANG CHEMICAL(SHANGHAI)CO.,LTD.
●  ADEKA FOODS(ASIA)SDN.BHD.
●  ADEKA KOREA CORP.
●  ADEKA FINE CHEMICAL(CHANGSHU)CO.,LTD.
●  ADEKA FOODS(CHANGSHU)CO.,LTD.

have firm commitment to respect your privacy and the right to Personal Data under EU General Data Protection Regulation (“GDPR”): (i) if the processing of Personal Data is related to the activities of the Company’s subsidiaries, affiliates, branches, representative offices and other establishments in the EEA or
(ii) if you are in the European Economic Area (“EEA”) and if GDPR applies
Thus, the Company hereby presents its Policy on data protection, and the definitions of some of the technical words are provided in Annex 2 to this Policy. This Policy covers those issues of data protection for those national persons other than the current employees of the Group.

1. Your rights of Data Protection
The Group respects your rights to Personal Data (defined in the Annex 2) as follows:
1.1. A ccess: You have the right to request information on your Personal Data Processed and information related to your rights, and to obtain a copy of your stored Personal Data. (The contact details are specified in Paragraph 2.1.below).

1.2. A ccuracy and Rectification: The Group seeks to ensure that Personal Data are

accurate, complete and kept up-to-date to the extent reasonably necessary for the applicable Purposes. If the Personal Data are incorrect, incomplete or not processed in compliance with GDPR, you have the right to have your Personal Data rectified, deleted or blocked (as appropriate) by contacting Company.
1.3. R ight to be forgotten: You have the right to obtain from the Group the erasure of your Personal Data without undue delay unless the Group have legal obligation or find public interests or other clear compelling or legitimate interest to maintain the Personal Data.
1.4. R ight to restrict the Processing (GDPR§18/21)
Under certain conditions, you have the right to request that processing be limited. The requirements are:
●  The accuracy of your Personal Data is contested by you and the Group must verify the accuracy of the Personal Data;
●  The processing is unlawful, but you oppose the erasure of the Personal Data and request the restriction of their use instead;
●  The Group no longer needs the Personal Data for the purposes of processing, but you require the Personal Data to establish, exercise or defend your legal claims;
●  You have objected to processing pending the verification of whether the legitimate grounds of the Group override your legitimate interests;
1.5. R ight to object to Processing: (GDPR§21)
You have the right to object to the processing your Personal Data on grounds relating to your particular situation if the Group process your Personal Data on grounds of legitimate interests or in the public interest. Insofar as the Group base the processing of your Personal Data on a balancing of interests, the Group generally assume that the Group can demonstrate compelling legitimate ground but will, of course, examine in each individual case. In the event of an objection, the Group will no longer process your Personal Data, unless the Group can demonstrate compelling legitimate grounds for the processing of these Personal Data that override your interests, rights and freedoms, or your Personal Data serves the establishment, exercise or defense of legal claims. In addition, you have an unrestricted right to object if the Group process your Personal Data for the Group’s direct marketing purposes.
1.6. R ight to object to automated individual decision-making, including profiling (GDPR§22)
You have the right not to be subject to a decision based solely on automated Processing, including profiling, which produces legal effects on you or similarly significantly affects you unless the decision is:
・ necessary for entering into, or performance of, a contract between you and the Group;

●  authorized by European Union or Member State law to which the Group are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
●  based on your explicit Consent.
1.7. R ight to data portability (GDPR§20)
You have the right to receive your Personal Data, which you have provided to the Group, in a structured, commonly used and machine-readable format and have the right to transmit those Personal Data to another company without hindrance from the Group to which you have provided, where:
●  the Processing is based on Consent or on a contract; and
●  the Processing is carried out by automated means.
1.8. R ight to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority.

2. Details of the Processing of Your Personal Data

2.1. Controller: ADEKA CORPORATION
2.2 (address) 7-2-35 Higashi-ogu, Arakawa-ku, Tokyo, 116-8554, Japan
The contact address for GDPR in respect of all of the Group companies in the above is as follows;
The Controller’s representative: Chief Information Officer (Kohji Tajima, Director and Managing Operating Officer)
Phone number: +81-3-4455-2801 (Monday to Friday, (except public holidays) 9am-5pm in Japanese time)
FAX: +81-3-3809-8210
E-mail address: privacy@adeka.co.jp

2.3 Data Protection Officer: Not applicable (except for ADEKA Europe GmbH; see their web-site)

2.4 Unless otherwise notified, the Purposes for which Processing of the Personal Data are intended as well as the legal basis for the Processing are as follows:
2.4.1. If you are a c ustomer, or a potential customer;
Purposes: The Purposes are conventional marketing and electronic dissemination of the Group’s products, technology, events and other business opportunities, customer services and those listed in Annex 1(a).
Legal basis: The legal basis is as follows:

2.4.1.1. “Legitimate interests”. The Group will make best efforts to maintain good balance between the legitimate interests and the right to privacy; or
2.4.1.2. performance of contract to which a customer or a potential customer is party or in
order to take steps at the request of the customer or the potential customer before
entering into the contract.


2.4.2.. ii. If you are a supplier or a potential supplier
Purposes: The Purposes are to assess quality and the fitness of your products and services in relation to our Company business
Legal basis: The legal basis is as follows:
2.4.2.1. “Legitimate interests”. The Group will make best efforts to maintain good balance between the legitimate interests and the right to privacy; or
2.4.2.2. performance of contract to which a supplier or a potential supplier is party or in order
to take steps at the request of the supplier or the potential supplier before entering
into the contract.


2.4.3. If you are an applicant for employment at our Group company:
Purposes: The Purposes are to evaluate your talent, fitness to the job and potential disadvantages and to compare them with other candidates.
Legal basis: The legal basis is as follows:
2.4.3.1. It is necessary for the hiring decision; or
2.4.3.2. Consent. See the web-site of ADEKA Europe GmbH or each of other Group Companies concerned in respect of the applicants for employment at ADEKA Europe GmbH or each of other Group Companies concerned.

2.4.4. The categories of Personal Data:
The categories of Personal Data to be processed are as follows:
2.4.4.1. If you are a customer, a potential customer, a supplier, or a potential supplier, the information on your business card and the information contained in your e-mails as well as such information as listed in Annex 1.a.
2.4.4.2 In case of the applicants for employment, the information in Annex 1.b. or a part of it.

2.4.5. The recipients or categories of recipients of Personal Data, if any, are as follows:
2.4.5.1. If you are a customer, or a potential customer, the recipients will be our sales representatives, their supervisors (including directors) and assistants as well as our distributors (including trading companies and agents).

2.4.5.2. If you are a supplier or a potential supplier, the recipients will be our employees, their supervisors (including directors) and assistants in the purchasing departments and any administrative departments as well as our distributors (including trading companies and agents).
2.4.5.3. If you are an applicant for employment: the recipients will be our employees and their supervisors (including directors) in the HR departments and any administrative departments as well as the departments to which the applicant may be assigned.

2.4.6. The fact that the Group intends to transfer Personal Data to a third country outside the EEA:
The Personal Data collected may be transferred to the following recipients or categories of recipients. The transfer of personal data from the EU/EEA to Japan can be treated as if it were transferred between EU/EEA Member States because the prohibition of transfer outside of the EEA has been lifted by the adequacy decision of the European Commission on 23 January 2019. Other transfer is justified by the Data Transfer Agreement in the Standard Contractual Clause (so called “SCC”) published by the European Commission. You can obtain a copy of the Clause agreed upon or applicable from the contact described in 2.a., in order to be sure that you have adequate level of protection. The purposes of the transfer:
2.4.6.1. If you are a customer, or a potential customer, for marketing and advertisement, the transfer is necessary to know the needs of the customers, to develop, manufacture the products they would like and to make various practical arrangements for transactions and promotion.
2.4.6.2. If you are a supplier or a potential supplier, such transfer may be necessary to out-source goods or services.
2.4.6.3. If you are an applicant for employment, such transfer may be necessary for hiring decision, globalized talent management and cost-and-productivity analysis.

The countries and the territories of the following recipient (except for those in Japan) have not been decided by the Commission that the country, a territory or organization in question ensures an adequate level of protection. The justification for such transfer is the Standard Contractual Clauses (SCC) that the European Commission published in its Official Journal. Further, the Group makes best efforts to ensure that the following recipients should Process Personal Data at the comparable or similar level to that under GDPR:

■ ADEKA CORPORATION
■ ADEKA USA CORP.

■ ADEKA (SINGAPORE) PTE.LTD.
■ ADEKA (ASIA) PTE.LTD.
■ CHANG CHIANG CHEMICAL CO .,LTD.
■ ADEKA FOODS(ASIA)SDN.BHD.
■ ADEKA KOREA CORP.
■ ADEKA FINE CHEMICAL (CHANGSHU) CO.,LTD.
■ ADEKA FOODS (CHANGSHU) CO.,LTD.

2.4.7. The period for which Personal Data will be stored:
Following the requirement that the Processing of Personal Data shall be adequate, relevant and limited to what is necessary for achieving the purpose. (Art. 5(1c) GDPR, Preamble (78)), the Group will retain Personal Data for the period required to serve the applicable Purpose and for the period:
●  required by law, courts or authorities including applicable legal hold and litigation document preservation requirements, or by contracts and agreements;
●  as advisable in light of an applicable requirement to acquire or preserve intellectual property rights or other rights or privilege of the Data Subject, our Group or a third party;
●  as necessary to acquire or preserve legitimate interests of the Data Subject, the Group or a third party;
●  as advisable in light of an applicable statute of limitations;
●  regarding employees, the period of the employment and 3 years afterwards, and regarding candidates who were not hired, 6 months after the decision concerning the decision on the hiring; or
●  not more than 10 years in respect of Personal Data contained or attached to any accounting documents;
Unless the Controller’s representative decides otherwise, promptly after the applicable retention period has ended, the relevant Personal Data will be:
2.4.7.1. securely deleted or destroyed;
2.4.7.2. anonymized; or
2.4.7.3. set to Archived.
Our Group shall erase Personal Data after 10 years as they are presumed to have become unnecessary.

2.4.8. where the Processing is based on the legitimate interests pursued by the Group or by a third party, what the legitimate interest is. If the Controller or a third party process on the basis of “legitimate interest” it shall notify it to the data subject.
See above 2.3. and below.

In case of a customer or potential customer, the grounds for Processing are "legitimate purposes” or performance of the contract (or request before contract).
In case of a supplier or a potential supplier, the grounds for Processing are "legitimate purposes” or performance of the contract (or request before contract).
The purposes of the Processing are as follows:
2.4.8.1. If you are a customer or a potential customer: conventional direct marketing and other forms of marketing and advertisement including dissemination of information on products, services, promotion, campaign, events and other business by email transmission, meetings and telephone calls. Understanding of the needs of the customer and potential customer.
2.4.8.2. If you are a supplier or potential supplier, it is a legitimate interest of the Group to assess quality of and the fitness of your products and services in relation to our Group’s business.

2.4.9. You have the right to withdraw your Consent, if any, at any time; Please note that the withdrawal applies prospectively only. Processing that occurred before the withdrawal of consent is unaffected.

2.4.10. You will be informed of the following: whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the Personal Data and of the possible consequences of failure to provide such Personal Data;

2.4.11. The Group currently has no profiling or automated decision making in respect of a customer, potential customer, supplier or potential supplier, or applicants for employment.

2.4.12. Where your Personal Data are collected directly or indirectly through a third party, the Group shall, within a reasonable period after the collection, provide you with the whole information listed in from 2.3.1. through 2.3.11., and, regarding indirect acquisition, the categories of Personal Data and the source from which person or company the Personal Data originate (GDPR§14). (The information on legal basis under GDPR is given in the next Paragraph 4.)

2.4.13. You can lodge a complaint with a data protection supervisory authority that would have jurisdiction.

3. List of Personal Data to be collected
The Group may be led to Process various kinds of Personal Data of customer, potential customer, supplier, potential supplier as well as employee candidate for a range of purposes. See above and Annex 1(a)/1(b). These categories of Personal Data thus Processed and the Purposes for which they are Processed are described above or in Annex 1a./1.b..

4. Grounds for Processing
The Group Processes "Personal Data" only if one of the following six conditions under GDPR is met.

a) You have given Consent to the Processing of your Personal Data for one or more specific purposes.
b) Processing is necessary for the performance of a contract to which you are the party or in order to take steps at your request prior to entering into a contract;
c) Processing is necessary for compliance with a legal obligation to which Group is subject;
d) Processing is necessary in order to protect the vital interests of you or of another natural person;
e) Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Group;
f) Processing is necessary for the purposes of the "legitimate interests" pursued by the Group or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.

5. Sensitive Personal Data (GDPR§9)
The Group shall Process Sensitive Personal Data (defined in Annex 2) only to the extent necessary to serve the applicable Purpose and according to GDPR requirements.

6. Data security, Minimization, Transparency and Compliance
Taking into account the nature, scope, context and purposes of Processing as well as the risks of varying likelihood and severity for the rights and freedoms, the Group shall implement appropriate technical and organizational measures to ensure and to demonstrate that Processing is performed in accordance with GDPR. Those measures shall be reviewed and updated where necessary (GDPR§24(1)).
Where Processing is to be carried out on behalf of the Group, the Group shall use only Processors providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that Processing will meet the requirements of GDPR and ensure the protection of the rights of the Data Subject (GDPR§28(1))

ANNEX1 (a):
CATEGORIES OF PERSONAL DATA RELATED TO CUSTOMERS, POTENTIALCUSTOMERS, SUPPLIERS AND POTENTIAL SUPPLIERS

PURPOSES:

CUSTOMERS, POTENTIAL CUSTOMERS, VENDORS AND POTENTIAL VENDORS
Purposes: Details:
Statistics Statistics Sales statistics: breakdown of sales by customer, by product, by geographical market, etc.
Analysis of Sales Analysis of customer preference, their proposals, complaints, records of any settlements for complaints, statistical analysis, market research
Servicing Records of repairs and replacement for free guarantee and costs; paid servicing and their profit and loss analysis, provision of technology and support, quality assurance, technical guide, transportation, delivery, newsletter
Marketing Planning Evaluation of various customers, expectation of sales growth, focusing of certain customers, certain product lines, and making promotional planning, meeting memo, analysis of competing products and market penetration,
Strategy Promotional campaign, sales technics, entertainment, transportation and delivery, coordination of appointments and consultation with clients and financial institutions, response to inquiries from websites, exhibitions
Reserch&Development Development of new product; new customer development, product improvements from customers, communications on European environmental, and other regulatory requirement for registration and/or approvals
Other Information exchanges required for globalization of customer developments, improvements for product quality and/or services as well as global talent managaements

Categories and classification of data:
The following categories of Personal Data will be Processed:
Categories of data Details
Information on Data Subject Name, working address, telephone and mobile numbers, e-mail address, date of birth, age, gender, language, country of residence, time zone, user pass word, hobbies and preferences, Family Information Address, meeting attendance lists, courier companies, greetings of personnel changes, skin photo; all information (including a photo) on the business cards collected; photos and videos taken on various business occasions such as exhibitions, distributor meetings, and other company events;
Products purchased Product code number(s), date or period of purchases, cumulated purchases during the fiscal year, product sold to the person in charge of the corporate customer
Sales Conditions Payment conditions, delivery conditions, prices and discount agreement, rebate practice
History Start of purchases, records of repairs, records of complaints and processing costs, orders and other records to logistics companies, entertainment records, minutes of meetings, meeting attendee list, i,a file relating to a sales achievement record, a sales promotion to a specific customer, a file of a sales strategy, information on entertainment, courier companies (overseas shipping methods such as EMS, FedEX, DHL, UPS), orders to freight forwarders, logistics companies and other ancillary records
Particular demand or proposal Particular demand or proposal files on proposals for improvement or modification of products from customers as well as requests and complaints from Data Subjests:

Website visitors
Purposes: Details:
Operating of websites IP-address and cookies are processed to generate and deliver websites to visitors.
Analysis of security incidence In case of security incident logfiles are analysed to understand what has happened to reduce damage, fulfil legal obligations such as reporting to supervisory authorities close security gaps.

The following categories of Personal Data will be Processed
Categories of data Details
website usage data IP-address, User Agent, Timestamp of access, ID used operating system, screen resolution, browser typ, browser version, plugins referrer URL , Cookies, Java-Script on/off, URL of requested resource, clickstream, technical parameter of client device (e.g. type)

Annex 1 (b) :
CATEGORIES OF EMPLOYEE APPLICANT DATA PROCESSED, AND PURPOSES OFPROCESSING

PURPOSES:
1. Hiring procedures and decision
    a) Head-counting and recruiting planning
    b) Selection of category of personnel to be employed
    c) Possibility of temporary or interim employees
    d) ants
2. ants and Staff-related administration:
    a) Application of employment and labour law
    b) Preparation of employment contract
    c) Application of the Work Regulations
    d) Filing requirement
Categories and classification of Personal Data:
The following categories of Personal Data will be Processed:

Categories of Personal Data Purposes
Personal identification data: name, addresses, telephone numbers, passport number, etc. 2.a.
Age, sex, date of birth, place of birth, citizenship, visa. 2.a., 2.b.,
Financial data: bank account numbers 1.a., 1.b.,
Personal characteristics: 1.b.,1.c.,
Family: marital status, cohabitation, spouse/partner name, children, parents, etc. 1.b., 1.c., 2.a., 2.b.,
Housing: Address 1.b., 2.b.
Health-related data: physical health, psychological health, risk-inducing behaviour & situations, treatment data. Records of sick leave, medical certificates, medical examinations and the results. 1.d., 2.a., 2.b.,
Education: School records, studies curriculum, financial history of studies, qualifications, professional experience, publications, etc. 1.d., 2.a
Profession & employment: current employment, function, task description, recruitment data, data on end of employment, career data, salary, work management & organisation, security (passwords & passcodes, security level), data on use of computer resources, etc. 1.d., 2.a
National identification number & social security number 2.a., 2.b.,
Image recordings: photos, videos 1.d.
Other 1
Other 2

Annex 2 DEFINITIONS
‘Personal Data’ means any information relating to an identified or identifiable natural person (“Data Subject"); an identifiable natural persons is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifiers, or to one or more factors specific to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person:

‘Processing’ means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

‘Restriction of Processing’ means the marking of stored Personal Data with the aim of limiting their Processing in the future;

‘Profiling’ means any form of automated Processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

‘Filing system’ means any structured set of Personal Data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis;

‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data; where the purposes and means of such Processing are determined by Union or Member State law, the Controller or the specific criteria for its nomination may be provided for by Union or Member State law;
‘Consent’ of the Data Subject means any freely given, specific, informed and unambiguous indication of the Data Subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the Processing of Personal Data relating to him or her;

"Archive" means a collection of Personal Data that are no longer necessary to achieve the Purposes for which the Employee Data originally were collected or that are no longer used for general business activities, but are used only for historical, scientific or statistical purposes, dispute resolution, investigations or general archiving purposes after having pseudonymised or set that is subject to appropriately enhanced security and has restricted access (e.g., only by the system administrator and the Data Protection Officer, );

"GDPR" means REGULATION (EU) 2016/679 0F THE EUROPEAN PARLIAMENT AND OF
THE COUNCIL OF 27 April 2016 on the protection of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC.

"Data Protection Officer” means the officer appointed to the extent the Group satisfies the conditions under GDPR or Article 38 of German Act to Adapt Data Protection Law to GDPR.

"Purpose(s)" means the purposes for Processing that are set out in Annexes 1.a. and 1.b. hereto and that were communicated to the Data Subject;

"Sensitive Personal Data" means as provided for in Article 9 of GDPR Personal Data as the Special Categories of Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the Processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation as well as Criminal information;