Privacy and cookie policy and Customer data processing

The information obligations under the articles 13 and 14 of the European Union General Data Protection Regulation (GDPR).

This Privacy Policy describes in Section I processing of personal data by Sulzer in general. Section II contains specific provisions for specific applications.

General information

To whom is this information addressed?

With this customer information the Sulzer Group is informing according to the European General Data Protection Regulation (GDPR) about how the companies of the Sulzer Ltd. and its affiliates (together Sulzer) process personal data as far as they are not covered by other Sulzer privacy policies or are evident from the circumstances or are provided for by applicable law. Personal data means all information relating to an identified or identifiable person. The following persons are considered customers of Sulzer according to this customer information:

  • Business contacts and potential customers and suppliers and their respective employees
  • Current and former customers and suppliers and their respective employees
  • Distributors, agents and other intermediaries and their respective employees
  • Financial community (for example, shareholders investors, brokers, analysts)
  • Journalists
  • Visitors of Sulzer facilities and locations; and
  • Visitors and users of websites registered with Sulzer 
Who is responsible of processing Personal Data?

Every website (including web-portals and mini sites for special events or offers), every presence on social media, multimedia portals, chatbots and every app of Sulzer (each a Website) has a controller within Sulzer with respect to collecting personal data according to the EU General Data Protection Regulation (GDPR) (or comparable provisions according to applicable data protection laws). Unless provided otherwise on the Website (according to the imprint, the terms of use, etc.), Sulzer Management AG is the controller.

The respective subsidiary or affiliate is the controller in case Sulzer communicates through other means of communication (email, letter, telephone, in person, etc.). Should a Sulzer company or affiliate disclose personal data to another Sulzer company or affiliate for certain purposes of the receiving company or affiliate, such company or affiliate is the controller according to article 4 (7) GDPR.

Any inquiry for detailed information, claim or concern regarding this privacy policy and data privacy at Sulzer in general (all companies and affiliates) can be addressed to the following contact person:

Sulzer Global Data Privacy Officer
Sulzer Management Ltd.
Neuwiesenstrasse 15
8401 Winterthur, Switzerland
Email: privacy [at] sulzer.com

What personal data Sulzer collects?

Sulzer collects personal data of customers generally directly during the course of using a Website or at events of Sulzer or during direct communication via email, telephone or in any other way. However, personal data can also in some cases be collected indirectly from other sources e.g. debt registers, commercial and association registers, press, internet; or that is legitimately transferred within Sulzer Group or from other third parties: e.g. a credit agency, a service provider, or derived from combining datasets.

According to applicable law and insofar it is necessary for the purposes of processing, SULZER processes personal data from the following categories: 

Business contacts and potential customers and suppliers and their respective employees

i) Personal Data and Contact Information: first and last name, business contact details, address, residence, telephone number, email address, correspondence data, etc.;

ii) Data in connection with product and services marketing: information such as newsletter opt-ins and opt-outs, documents received, invitations to and participations at events and special activities, personal preferences and interests, etc.; 

iii) Data in connection with communication: such as preferred means of communication, correspondence and communication with Sulzer (including records of the communication), information regarding their function, information relating to the previous contact with these individuals, data regarding marketing activities (e.g. receipt of newsletters), information regarding business transactions, requests, offers, tenders, conditions and contracts, information related to professional or other interests of the individuals etc.;

Current and former customers and suppliers and their respective employees

i) Personal Data and Contact Information: first and last name, business contact details, address, residence, telephone number, email address, correspondence data, etc.;

ii) Data in connection with product and services marketing: information such as newsletter opt-ins and opt-outs, documents received, invitations to and participations at events and special activities, personal preferences and interests, etc.;

iii) Data in connection with communication: such as preferred means of communication, correspondence and communication with Sulzer (including records of the communication), information regarding their function, information relating to the previous contact with these individuals, data regarding marketing activities (e.g. receipt of newsletters), information regarding business transactions, requests, offers, tenders, conditions and contracts, information related to professional or other interests of the individuals etc.;

iv) Data pertaining to orders and purchases: payment information, credit card details and other payment details, billing and shipping address, products and services ordered and purchased, information connected to queries, complaints and disagreements relating to products and services or respective contracts entered into such as warranty claims, rescissions and disputes, etc.;

Distributors, agents and other intermediaries and their respective employees

i) Personal Data and Contact Information: first and last name, business contact details, address, residence, telephone number, email address, correspondence data, etc.;

ii) Data in connection with product and services marketing: information such as newsletter opt-ins and opt-outs, documents received, invitations to and participations at events and special activities, personal preferences and interests, etc.;

iii) Data in connection with communication: such as preferred means of communication, correspondence and communication with Sulzer (including records of the communication), etc.;

iv) Data pertaining to orders and purchases: payment information, credit card details and other payment details, billing and shipping address, products and services ordered and purchased, information connected to queries, complaints and disagreements relating to products and services or respective contracts entered into such as warranty claims, rescissions and disputes, etc.;

Financial community (for example, shareholders investors, brokers, analysts)

i) Personal Data and Contact Information: first and last name, contact details, employer, details regarding shared owned, address, residence, telephone number, email address, correspondence data, etc.;

Journalists

i) Personal Data and Contact Information: first and last name, contact details, address, telephone number, email address, correspondence data, etc.;

Visitors of Sulzer facilities and locations

i) Personal Data and Contact Information: first and last name, contact details, address, telephone number, email address, employer, purpose of visit etc.;

Visitors and users of websites registered with Sulzer

i) Personal Data and Contact Information: first and last name, business contact details, address, residence, telephone number, email address, employer and job function, correspondence data, etc.

ii) Data concerning the use of the Website: IP address and other identification (e.g. user name of social media, MAC address of smartphones or computers, cookies), date and time of Website visits, visited sites and contents, referring websites, etc.;

iii) Data of users of the Website, who do not register with Sulzer but may constitute personal data for example with social media, the provisions of this policy regarding data collected from a customer in connection with the use of the Website shall apply accordingly even though the identification of a visitor usually is not possible for Sulzer. 

How SULZER uses personal data (purposes of processing) and on what legal basis?

In accordance with applicable law, Sulzer processes personal data for the following purposes:

i) in connection with services offered, conclusions of contracts and purchases, executions of contract  (namely purchase contracts and contracts regarding the participation at customer programs and events), maintenance and development of customer relations, communication, customer service and support, promotions, advertisement and marketing (including newsletters and mailing of promotional materials); 

ii) management of the users of the Website and other activities in which customers participate, operation and enhancement of the Website (including the provision of functions which require identifiers or other personal data) and further IT systems, identity verifications;

iii) protection of customers, employees and other individuals and protection of data, secrets and assets of and entrusted to Sulzer, safety of systems and premises of Sulzer; 

iv) compliance with legal and regulatory requirements and internal rules of Sulzer, enforcement and exploitation of legal rights and claims, defense against legal claims, litigation, complaints, combating abusive conduct, engaging in legal investigations and proceedings and responding to inquiries of public authorities; 

v) sale or acquisitions of business divisions, companies or parts of companies and other corporate transactions and the transfer of associated customer data;

vi) For other purposes as far as a legal obligation requires processing and such processing was evident from the circumstances or indicated at the time of the collection, and

vii) Further purposes according to separate information as evident from the circumstances, according to Section II or applicable data protection law.

In accordance with applicable data protection laws Sulzer may also process

viii) data about visitors of the Website for the purpose of maintaining and developing the Website (including the provision of functions which require identifiers or other personal data), for statistical analysis about the use of the Website, and for combating abusive conduct. The data may also be processed for purposes of legal investigations or proceedings and for the response to inquiries of public authorities; and

ix) data about business contact and potential customers for the purpose of entering into and performance of contracts and other business relationships, promotions, advertisement and marketing, communication, invitation to events and participation in promotions, organization of joint activities. The data may also be processed for purposes of compliance with legal and regulatory requirements and internal rules of Sulzer, enforcement and exploitation of legal rights and claims, defense against legal claims, litigation, complaints, combating abusive conduct, engaging in legal investigations and proceedings and responding to inquiries of public authorities, for the sale or acquisition of business units, companies or parts of companies and other corporate transaction and related transfers of the data.

All the purposes of processing shall be applicable for the whole Sulzer, i.e. not only for the company which initially collected the personal data. Personal data of customers is collected for the purpose of all Sulzer companies. 

Sulzer processes personal data to achieve the purpose of processing according to the following legal grounds:

i) performance of contracts with customers;

ii) compliance with legal obligations of Sulzer; 

iii) consent of the customer (only insofar as the processing is based on a specific query and can be withdrawn at any time, namely the receipt of newsletters for which the client has registered for);

iv) legitimate interests of Sulzer, especially:

 
  • purchase and shipment of products and services, also in connection with individuals who are not direct contractual partners (such as e.g. individuals receiving a gift); 
  • carrying out advertisement and marketing activities; 
  • efficient and effective customer support, maintenance of contact and other communication with customers outside of the processing of contracts; 
  • understanding customer behavior, activities, concerns and needs, market studies;  
  • efficient and effective improvement of existing products and services and development of new products and services; 
  • efficient and effective protection of customers, employees and other individuals as well as protection of data, secrets and assets of or entrusted to Sulzer, safety of systems and premises of Sulzer; 
  • maintenance and secure, efficient and effective organization of business operations including a secure, efficient and effective operation and successful further development of the WEBSITE and other IT systems; 
  • reasonable corporate governance and development; 
  • successful sale and acquisition of business units, companies or parts of companies and other corporate transactions; 
  • compliance with legal and regulatory requirements and internal rules of Sulzer; and
  • concerns regarding the prevention of fraud, offences and crimes as well as investigation in connection with such offences and other improper conduct, handling of claims and actions against Sulzer, cooperation in legal proceedings and with public authorities as well as the prosecution, exercise of and defense against legal actions. 
Who can access personal data and where SULZER transfers the data?

Sulzer may transfer personal data to the following recipients who shall process the data in accordance to the purpose of processing and on behalf of Sulzer or for their own purposes: 

i) Sulzer employees authorized to process employee related personal data on need-to-know basis

ii) service providers (within Sulzer or externally) including data processors;

iii) dealers, suppliers and other business partners;

iv) customers of Sulzer; 

v) local, national and foreign authorities; 

vi) the media; 

vii) the public, including visitors of websites and social media of Sulzer; 

viii) industry organizations, associations, organizations and other committees; 

ix) competitors; 

x) acquirers and prospective acquirers of business divisions, companies and other parts of Sulzer; 

xi) other parties in potential or actual legal proceedings

xii) other companies of Sulzer 

Sulzer may disclose personal data, within Sulzer as well as to third parties in every country worldwide, generally to the countries in which Sulzer is represented by companies, affiliates or other offices and representatives as well as to countries in which service providers of Sulzer process their data. As a general rule, personal data is stored within EU and Switzerland. If data is disclosed to or stored in countries that do not guarantee adequate protection, Sulzer will ensure adequate protection of the data in accordance with applicable data privacy laws and by way of putting adequate contractual guarantees in place, namely on the basis of EU standard clauses, binding corporate rules or it bases the transfer on the exceptions of consent, conclusion or performance of contract, the determination, exercise or enforcement of legal claims, overriding public interests or it discloses the data in order to protect the integrity of these individuals. The customer can obtain a copy of the contractual guarantees from or will be advised where to obtain such copies by the contact person named above. Sulzer reserves the right to redact such copies for reasons of data protection or secrecy reasons.

For how long SULZER stores personal data?

As a general rule, Sulzer retains personal data as long as the contractual or relation with the CUSTOMER is ongoing and for ten years after the termination of the contractual relationship. A longer statutory store obligation may apply on a case-by-case basis or as required for reasons of proof or another valid reason, or the deleting of the data is required earlier (because the data is no longer required or Sulzer is required to delete the respective data).

For operational data containing Personal Data (e.g. protocols, logs) shorter retention periods of 12 months are applicable in general. Business records, including communications, will be retained as long as Sulzer has an interest in them (for reasons of proof in case of claims, documentation of compliance with certain legal or other requirements, an interest in non-personalized analysis) or is obligated to do so (by way of contract, law or other provisions). Deviating legal obligations is reserved for anonymized or pseudonymized data.

Is there automated decision-making?

Sulzer does not generally use any automated decision-making or profiling pursuant to Article 22 of the GDPR. Should Sulzer make such automated decisions, the affected individuals will be informed subsequently or separately in advance in accordance with applicable law.

Which rights the customers have concerning their data?

Any affected persons, including any customer, visitor and business contact, may request information from Sulzer as to whether data concerning them is being processed. In addition, they have the right to request the correction, destruction or restriction of personal data regarding them as well as to object to the processing of personal data. Should the processing of personal data be based on consent, the affected person may withdraw consent at any time. Such withdrawal does not have retroactive effect. Sulzer reserves the right to base the processing of personal data on one or more different legal grounds. In countries of the EU and EEA the affected individual may, in certain cases, have the right to obtain data generated during the use of online services in a structured, common and machine-readable format which allows for further use and transfer (data portability). A request may be submitted to the controller according to chapter 2. Sulzer reserves the right to restrict the rights of the affected individual in accordance with applicable law and e.g. not to disclose comprehensive information or not to delete data.

Any affected person with a complaint about the processing of their personal data may put forward the matter to Sulzer Global Data Protection Officer or raise a complaint with the competent data protection authority, which in the case of a Sulzer controller in Switzerland is the Federal Data Protection and Information Commissioner in Switzerland (http://www.edoeb.admin.ch).

Additional information for specific forms of processing

Sulzer.com website

Provisions regarding the Sulzer.com website can be found in the Privacy and cookie policy and Terms of use of Sulzer website.

Newsletters

Sulzer may send newsletters or other commercial communications in connection with its products and services to customers and business partners. In accordance with applicable law, Sulzer reserves the right to do so without prior consent of existing customers and business partners. The respective customers and business partners have a right to object to a further mailing of newsletters or other commercial communications at any time through their account on the respective Website or through the link indicated in every mailing. The termination of one newsletter may not entail the termination of other newsletters. Sulzer may install coding in newsletters and other marketing email, which allows it to determine if the recipient has opened an email or downloaded pictures contained in the email. The recipient may block this application in his/her email application.

This privacy policy is effective as of May 24, 2018. Sulzer is entitled to amend this privacy policy at any time and without prior notice or announcement. The latest version according to the Sulzer.com is applicable. Should the privacy policy form part of an agreement with customers, Sulzer may inform them of an update or amendments by email or in another appropriate manner. The amendments shall be deemed to have been accepted unless an objection is raised within 30 days of notification. In case of objection, Sulzer shall be free to terminate the agreement exceptionally and with immediate effect.