Privacy Police

Dear Customer,

We, the Maschinenfabrik Bernard Krone GmbH & Co. KG, Heinrich-Krone-Straße 10, 48480 Spelle, Germany, T: +49(0)5977-935-0, F: +49(0)5977/935-339, info.ldm@krone.de together with our sister and subsidiary companies, in particular the mykrone.green GmbH (hereinafter jointly: "KRONE", "We" or "Us") are very pleased that You have placed Your trust in Us as a Customer or User of the goods and services offered by Us (hereinafter jointly: "KRONE Offers").

Although we have always taken the protection of Your data seriously and we also take seriously the additional duties related to our data protection responsibilities as imposed upon Us when the EU-General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter: "GDPR") came into effect, in order to ensure the protection of personal data of a data subject affected by processing (we address You as the data subject hereinafter with "Customer", "User" or "You"). One of the GDPR obligations includes the duty to inform the data subject in a transparent manner (cf. Article 13 and 14 GDPR), particularly concerning the nature, scope, purpose, duration, and legal basis for the processing of personal data, to the extent that We determine the purpose and means of processing either alone or together with others. We gladly fulfil this – as well as any other applicable – information duty in this data protection notice (hereinafter: "KRONE Privacy Policy"), by informing You how KRONE processes Your personal data.

The KRONE Privacy Policy is structured in a modular manner. This means it consists of a general part, the contents of which pertain to all processing situations when using KRONE Offers (Part A) and several special parts (Parts B to K), each of which pertain only to the processing situation indicated there, naming the respective KRONE Offer. Since You may not use all KRONE Offers, not all parts of the KRONE Privacy Policy may be relevant for You. In order to find those parts that are relevant for You, please note the following overview showing the subdivision of the KRONE Privacy Policy:

 

PartDescriptionFor You, this part is…You find there, inter alia, information concerning:
AGeneral…always relevant.Definitions, controllership, contact details, processing principles, Your rights
Bmykrone.green…relevant when You use our e-commerce portal mykrone.green.Data categories, processing purposes, legal basis, processing period, data submission, cookie policy
CDealer Portal…relevant, when You use our order tracking and order information system Dealer Portal.Data categories, processing purposes, legal basis, processing period, data submission
DKRONE Easy Select / KRONE App…relevant when You use our product configurator KRONE Easy Select in the browser version or in the app version (KRONE App) by using your mobile device.Data categories, processing purposes, legal basis, processing period, data submission (each for browser and app version)
EKRONE Used…relevant, when You use or web-based platform KRONE Used for the sale and purchase of used agricultural machinery.Data categories, processing purposes, legal basis, processing period, data submission
FE-Solutions…relevant when You use our online shop E-Solutions for the purchase of software products or add-ons for your agricultural machinery.Data categories, processing purposes, legal basis, processing period, data submission
GKRONE Smart Telematics…relevant when You use our telemetry and data management system KRONE Smart Telematics for your agricultural machines in the browser version or via your mobile device.Data categories, processing purposes, legal basis, processing period, data submission (each for browser and app version)
HKWS Online…relevant when You use our guarantee and warranty processing system KWS Online.Data categories, processing purposes, legal basis, processing period, data submission
IKRONE Media…relevant when You retrieve information and content from our media center KRONE Media.Data categories, processing purposes, legal basis, processing period, data submission
JKRONE Training…relevant when You use our electronic training portal KRONE Training for basic, advanced and further training.Data categories, processing purposes, legal basis, processing period, data submission
KForeign Customers…relevant when You use the aforesaid KRONE Offers outside of Germany or otherwise are in business contact with Us from a foreign country.Peculiarities in AU, AT, BE, CH, CZ, DK, ES, FI, FR, GB, HU, HR,  IE, IT, NL, NZ, NO, PL, SB, SE, SI, SK, US, ZA

A. GENERAL

A.1.      Definitions

Based on the definitions contained in the GDPR, for purposes of the KRONE Privacy Policy the following terms have the meaning described hereinafter:

·       "personal data" is any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. The ability to identify a natural person may also be due to a link of such information or other additional knowledge. How the information is obtained, the form, or the embodiment of the information is not relevant to whether the information meets the definition of personal data (e.g. photographs, video or audio recordings may also contain personal data).

·       "processing" is any operation or set of operations which is performed on personal data, whether or not by automated (i.e. technology-based) means. This includes particularly the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data as well as the alteration of a purpose for which the data processing was originally designated.

·       "controller" is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; there may be several joint controllers.

·       "third party" is any natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data; this also includes other group-affiliated legal persons.

·       "processor" is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller, particularly in accordance with the latter’s instructions (e.g. IT service provider). In terms of data protection law, a processor is not a third party in the sense mentioned above.

A.2.      Name and Address of the Controllers

In order to provide the KRONE Offers the Maschinenfabrik Bernard Krone GmbH & Co. KG, Heinrich-Krone-Straße 10, 48480 Spelle, T: +49(0)5977-935-0, F: +49(0)5977/935-339, info.ldm@krone.de and the mykrone.green GmbH, Heinrich-Krone-Straße 10, 48480 Spelle, T: +49(0)5977-935-599, support@mykrone.green cooperate closely. Even though the processing takes place in different processing steps and systems, which are primarily operated by one of the KRONE companies mentioned above, both companies are legally responsible for the data processing related with KRONE Offers (joint controllership, pursuant to Article 26 GDPR). In the context of their joint controllership, Maschinenfabrik Bernard Krone GmbH & Co. KG and mykrone.green GmbH have agreed which company shall fulfil which of the obligations under the GDPR.

According to that agreement, the parties fulfil their data protection obligations according to their respective responsibilities for the individual processes as follows:

-       Maschinenfabrik Bernard Krone GmbH & Co. KG is responsible insofar as the data processing operations described in Parts C, D, G, H, I und J are concerned, this applies in particular to the exercise of Your rights according to A.11.;

-       mykrone.green GmbH is responsible insofar as the data processing operations described in Parts B, E and F are concerned, this applies in particular to the exercise of Your rights according to A.11.;

-       both joint controllers jointly fulfil the information obligation under Article 13 and Article 14 GDPR in this KRONE Privacy Policy; they also work closely together regarding any other data protection issues.

As an exception to the aforesaid, where applicable, there might be another KRONE company named as controller in Part K for foreign customer constellations. Please pay attention to this.

Please see the imprint on our website for further information pertaining to KRONE, e.g. under https://landmaschinen.krone.de/deutsch/impressum/.

A.3.      Contact Details of the Data Protection Officer

For all questions and as a contact person for data protection issues at KRONE, the data protection officer of the Maschinenfabrik Bernard Krone GmbH & Co. KG, Dr. Uwe Schläger, c/o datenschutz nord GmbH, Konsul-Smidt-Straße 88, 28217 Bremen, email: office@datenschutz-nord.de, T: +49 421 69 66 32 0 (hereinafter: "Data Protection Officer"), will be at Your disposal at all times. To the extent that You are dealing with a KRONE company outside of Germany, a different data protection officer may be specified for that country in Part K.

A.4.      Legal Basis of Processing

According to the law, in principle, any processing of personal data is prohibited and shall be lawful only, if and to the extent that at least one of the following reasons for justification apply to the respective data processing:

a)     Article 6 paragraph 1 lit. a GDPR ("consent"): if the data subject has communicated voluntarily, in an informed manner, and unmistakably through a declaration or other unambiguous consenting act that he or she consents to the processing of the personal data pertaining to her or him for one or several specific purposes;

b)     Article 6 paragraph 1 lit. b GDPR: if the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

c)     Article 6 paragraph 1 lit. c GDPR: if the processing is necessary for compliance with a legal obligation to which the controller is subject (e.g. a legal obligation to retain data);

d)     Article 6 paragraph 1 lit. d GDPR: if the processing is necessary in order to protect the vital interests of the data subject or of another natural person;

e)     Article 6 paragraph 1 lit. e GDPR: if the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or

f)      Article 6 paragraph 1 lit. f GDPR ("legitimate interests"): if the processing is necessary for the purposes of the legitimate (particularly legal and economic) interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data (in particular where the data subject is a child).

We will state the applicable legal basis for the data processing operations carried out by Us in each case below. Processing may also be based on several legal bases.

A.5.      Data Erasure and Storage Duration

For the processing operations carried out by KRONE, We will state in each case below for how long We will store the data and when it will be deleted or placed beyond use. To the extent that no explicit storage duration is stated hereinafter, Your personal data will be deleted or placed beyond use as soon as the purpose or the legal basis for storing it no longer exists. Your data will generally be stored only on our servers in Germany, subject to a potential transfer in accordance with the rules in A.7. and A.8.

Storage may, however, extend beyond the stated period in the case of an (actual or threatened) legal dispute with You or any other legal proceedings, or if the storage is required by legal provisions to which We as the controller are subject (e.g. Section 257 of the German Commercial Code (HGB), Section 147 of the German Tax Act (AO)). Once the storage period required under the legal provisions has expired, the personal data will be deleted or placed beyond use, unless further storage by Us is necessary and a legal basis for this continues to exist.

A.6.      Data Security

We make use of suitable technical and organizational security measures in order to protect Your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties (e.g. TLS encryption for our websites) taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of the processing as well as the risk posed by a data breach, including the likelihood and severity, to Your rights and freedoms. Our security measures are continuously improved in accordance with technological developments.

We will gladly provide You with more detailed information upon request. Please contact our data protection officer (see under A.3.) for this purpose.

A.7.      Cooperation with Processors

In order to execute our business transactions, various domestic and foreign service providers act as processors for us, as for any larger company. These processors operate only in accordance with our instructions and are contractually required to comply with all data protection law provisions.

If We pass on Your personal data to our subsidiaries (e.g. if You as a Foreign Customer place an order via Easy Select, which is processed by our local subsidiary) or if Your personal data is passed on by our subsidiaries to Us (e.g. if one of our subsidiaries should be stated as controller in Part K), this takes place based on existing processing relationships (see under A.1.) on behalf of the controller (see A.2.).

A.8.      Conditions for the Transfer of Personal Data to Non-EEA Countries

As a result of the global orientation of our company, Your personal data may be shared between the group companies of KRONE and/or third parties (e.g. importers or dealers) as part of our business relationships (a list of our importers and dealers by country can be found, for example, at https://landmaschinen.krone.de/deutsch/vertrieb). These may also be located outside of the European Economic Area ("EEA"), i.e. in non-EEA countries. Such processing takes place exclusively to fulfil the contractual and commercial obligations, to maintain Your business relationship with KRONE or for some other legitimate interests described in this KRONE Privacy Policy. Hereinafter We provide You with information about the respective details of the transfer of personal data to companies in non-EEA countries where it is relevant.

The European Commission has certified through so-called adequacy decisions that some non-EEA countries have data protection that is comparable to the EEA standard (You may obtain a list of these countries as well as a copy of the adequacy decisions here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm). In other non-EEA countries, however, to which personal data might be transferred, no consistently high data protection level may exist due to the absence of legal provisions. To the extent that this is the case, We ensure that the data protection is sufficiently ensured. This is possible through binding corporate rules, standard contract clauses of the European Commission for the protection of personal data, certificates, recognized codes of conduct, or a self-certification via the EU-US-Privacy Shield (You can obtain information about this here: https://www.privacyshield.gov/welcome). Please contact our data protection officer, if You would like to receive further information on this subject.

A.9.      No Automated Decision-Making (including Profiling)

KRONE does not intend to use any personal data collected from You for automated decision-making processes (including profiling).

A.10.    No Obligation to Provide Personal Data

KRONE is not subject to any special legal or contractual obligations to make the processed personal data available to third parties.

We do not make the conclusion of contracts contingent upon You providing Us with Your personal data first. There is generally no legal or contractual obligation for You as a Customer to provide Us with Your personal data; it may be, however, that we are able to provide certain KRONE Offers only to a limited extent or not at all, if You do not provide the data necessary for this. If this should exceptionally be the case in the context of the KRONE Offers offered by Us, We will point this out to You separately hereinafter.

A.11.    Your Rights

You are able to assert Your rights as a data subject to Us under the contact information stated under A.2. above at any time and without any explanation. You have the right as a data subject:

·       to demand information about Your data processed by Us pursuant to Article 15 GDPR. In particular, You can demand information about the processing purposes, the data categories, the categories of recipients to which Your data was or will be disclosed, the planned storage duration, the existence of a right to rectification, erasure, restriction of or objection to processing, the existence of a right to complain, the origin of Your data, if it was not collected by us, and about the existence of any automated decision-making including profiling and, if applicable, meaningful information about its details;

·       to demand without undue delay the rectification of inaccurate or the completion of incomplete data concerning You stored by Us pursuant to Article 16 GDPR;

·       to demand the erasure of data concerning You stored by Us pursuant to, and within the limits of, Article 17 GDPR, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defence of legal claims;

·       to demand the restriction of processing of Your data pursuant to Article 18 GDPR, to the extent that You contest the accuracy of the data or the processing is unlawful;

·       to receive Your data that You provided to Us in a structured, commonly used, and machine-readable format or to demand transmission of that data to another controller pursuant to, and within the limits of, Article 20 GDPR ("data portability");

·       to object to the processing pursuant to Article 21 GDPR, if the processing is based on Article 6 paragraph 1 lit. e or lit. f GDPR. This is particularly the case if the processing is not required for the performance of a contract with You. If this does not involve an objection against direct marketing, then when exercising this right to object We ask You to state the reasons, why We are not supposed to process Your data in the manner carried out by us. If You provide the reasons for Your objection, We will review the situation and will either cease or adapt the data processing or demonstrate our compelling legitimate grounds based on which We continue the processing;

·       to withdraw Your previously (even before the GDPR became effective, i.e. prior to 25 May 2018) given "consent" – i.e. Your will declared or otherwise communicated voluntarily, in an informed manner and unmistakably through a clear confirming act that You consent to the processing of the personal data in question for one or several specific purposes – at any time pursuant to Article 7 paragraph 3 GDPR, if You have granted such consent. As a consequence, We are no longer permitted to continue the data processing based on that consent for the future, and

·       to lodge a complaint with a supervisory authority pursuant to Article 77 GDPR. For this purpose, You may complain to the supervisory authority of Your habitual residence (see Part K, if applicable) or of our registered seat (Die Landesbeauftragte für den Datenschutz Niedersachsen, Prinzenstraße 5, 30159 Hannover, T: +49(0)511-120-4500, F: +49(0)511-120-4599, email: poststelle@lfd.niedersachsen.de).

A.12.    Changes to the KRONE Privacy Policy

During the course of the further development of data protection law as well as due to technological or organizational changes, the KRONE Privacy Policy will regularly be reviewed for the need to adapt or supplement the information. You will be informed about any changes particularly on our websites under https://landmaschinen.krone.de or https://www.mykrone.green. This Privacy Policy Information is as of May 2020.

 

B. MYKRONE.GREEN

B.1.         Explanation

On our websites (under www.mykrone.green) We provide You with our interactive customer portal mykrone.green (hereinafter: "mykrone.green"), which allows You to use many different KRONE Offers, provided that the services are activated for You. You can use mykrone.green as an "Anonymous User" or as a "Registered User" (in different user roles). The usage details are subject to our Terms of Use for mykrone.green which are available for review under Terms of Use in different language versions. When using mykrone.green We will process Your personal data.

If and to the extent You use further KRONE Offers via mykrone.green, further personal data may be processed; in this context, please note the information provided in the other parts of this KRONE Privacy Policy may be applicable to You. If You use other (German or foreign) KRONE websites, please note the information on the respective websites.

B.2.         Which data do We process when You use mykrone.green?

B.2.1.      Anonymous Users

If You Use mykrone.green as an Anonymous User, the processing of Your personal data does not exceed the processing when any user accesses our websites solely for information purposes. The following data is collected, stored, and processed by Us:

·       "Protocol Data": When You visit our websites, a so-called protocol data record is automatically stored temporarily and anonymously on our web server in so-called log files, which consists of:

-       the page from which the file was requested,

-       the name of the file,

-       the date and time of the request,

-       the amount of data transferred,

-       the access status (file transferred, file not found),

-       the description of the type of web browser used,

-       the IP address of the requesting computer, which is shortened in such a way that it is no longer possible to attribute it to a person. 

·       "Contact Form Data": When using contact forms, the data transmitted thereby (e.g. gender, name, address, company name, email address; and any additional data, You chose to provide Us) and the time of transmission are processed.

·       Regarding Cookies, Plugins und other services on our websites please see B.6.

B.2.2.      Registered Users (Portal Users)

When You use mykrone.green as a Registered User (Portal User) the following categories of personal data are additionally collected, stored, and processed by Us prior to or during the use of mykrone.green:

·       "User Registration Data" (for the purpose of registration): Gender, name, address, email address, company name, status, phone number, VAT or tax number; where applicable, customer number, picture;

·       "User Data": Where applicable, information pertaining to other Portal Users assigned to Your user profile (gender, name, email address, notes);

·       "Dealer Data": Where applicable, information pertaining to Dealers assigned to Your user profile (name, address, contact data);

·       "Machine Characteristics": Where applicable, information pertaining to Machines assigned to Your user profile (name, pictures, machine number, series, product codes, equipment features).

B.3.          For which purpose and on which legal basis (see A.4.) are these data processed?

We process the personal data described in more detail above in compliance with the provisions of the GDPR and any other applicable data protection provisions, and only to the extent necessary. In detail, the processing serves to fulfil the following purposes:

·       Processing of Protocol Data: Statistical purposes and improvement of the quality of our websites, particularly stability and security of the connection (legal basis is Article 6 paragraph 1 lit. f GDPR);

·       Processing of Contact Form Data: Handling of customer inquiries (legal basis is Article 6 paragraph 1 lit. b or lit. f GDPR);

·       Processing of User Registration Data, User Data, Dealer Data, Machine Characteristics:

(1) Executing the services offered through the system or provided through the system, handling customer inquiries (legal basis in this case is Article 6 paragraph 1 lit. b GDPR);

(2) Maintaining and protecting the safety of our KRONE Offers, preventing and uncovering security risks or criminal acts, duplicate checks, asserting and defending against legal claims, settling legal disputes, sending out of information about related service offerings (legal basis in this case is Article 6 paragraph 1 lit. f GDPR, in the case of the use for marketing purposes vis-à-vis end customers Article 6 paragraph 1 lit. a GDPR, where applicable);

To the extent that You have granted Your consent (Article 6 paragraph 1 lit. a GDPR) for certain types of processing, We will process the personal data affected by this based on that consent. To the extent that the processing of personal data is based on Article 6 paragraph 1 lit. f GDPR, the purposes mentioned above also constitute our legitimate interests.

B.4.          For how long are these data processed?

Your data is processed only for as long as this is necessary to achieve the aforementioned processing purposes; the legal basis stated in the context of the processing purposes applies accordingly. Third parties employed by Us will store Your data on their systems for as long as it is necessary in connection with providing the services to Us in accordance with the respective mandate. Please note B.6. regarding the storage duration of cookies.

You can find more details on the storage duration under A.5.

B.5.          Are these data passed on to third parties and if yes, on which legal basis (see A.4.)?

Apart from Us and our responsible personnel, the following categories of recipients may be granted access to Your personal data:

·       Service providers for the operation of our websites and the processing of the data stored or transmitted by the systems (e.g. for computer centre services, payment handling, IT security) (legal basis for the transmission is in this case Article 6 paragraph 1 lit. b or lit. f GDPR, to the extent that these are not processors);

·       Service providers and competent bodies (mostly KRONE group companies) in connection with the provision and optimization of other services in connection with the Websites (legal basis for the transfer is in this case Article 6 paragraph 1 lit. b or lit. f GDPR, to the extent that these are not processors; concerning the use of cookies and plugins see under B.6.);

·       Governmental agencies/offices, to the extent this is necessary for compliance with a legal obligation (legal basis for the transmission is in this case Article 6 paragraph 1 lit. c GDPR);

·       Persons employed to conduct our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, participants in company acquisitions or the establishment of joint venture enterprises) (legal basis for the transmission is in this case Article 6 paragraph 1 lit. b or lit. f GDPR);

·       Users assigned to Your user profile (legal basis for the transmission is in this case Article 6 paragraph 1 lit. b or lit. f GDPR);

·       Dealers assigned to Your user profile, provided You give your respective consent to that (e.g. if You allow the dealer to retrieve machine data via KRONE Smart Telematics, see Part G) legal basis for the transmission is in this case Article 6 paragraph 1 lit. b or lit. f GDPR);

·       Other users of mykrone.green, to the extent that this is required to fulfil our contractual obligations (e.g. for sales negotiations with regard to KRONE Used, see Part E) (legal basis for the transmission is in this case Article 6 paragraph 1 lit. b or lit. f GDPR);

·       Providers of external services or functionalities, provided You give your respective consent to that, such as Lexcom Informationssysteme GmbH, Rüdesheimer Straße 23, 80686 Munich, in case of an application for the use of the cross-manufacturer spare parts management platform www.agroparts.com (legal basis for transmission is in this case Article 6 paragraph 1 lit. a GDPR); in these cases, please also note the privacy policy of the respective provider.

Apart from that, We only submit Your personal data to third parties (e.g. for marketing or advertising purposes) if You have given Your explicit consent to this pursuant to Article 6 paragraph 1 lit. a GDPR. To the extent that a data submission is based on Article 6 paragraph 1 lit. f GDPR, the purposes mentioned above also constitute our legitimate interests.

See A.8. as to how a reasonable level of data protection is ensured when data is transmitted to non-EEA countries.

B.6.          Cookies, Plugins and Other Services on Our Websites

B.6.1.      Cookies

We use cookies on our websites, inclusive of mykrone.green. Cookies are small text files, which are allocated and stored on Your hard drive by the browser used by You through a characteristic sequence of characters and through which the entity setting that cookie receives certain information. Cookies are unable to execute programs or transfer viruses to Your computer and therefore cannot do any damage. They serve to make the Internet offers more user-friendly and effective overall, i.e. more pleasant for You.

Cookies may contain data that makes it possible to recognize the used device again. However, some cookies merely contain information about certain settings, which cannot be related to a person. However, cookies cannot identify a user directly. 

A distinction is made between session cookies, which are erased as soon as You close Your browser, and permanent cookies, which are stored beyond the individual session. As far as their function is concerned, a distinction is made between cookies serving as:

-       Technical Cookies: These are absolutely necessary in order to move around the website, use fundamental functions, and ensure the security of the website; they do not collect any information about You for marketing purposes and do not store the websites visited by You;

-       Performance Cookies: These collect information about how You use our website, which pages You visit, and e.g. whether errors happen during the use of the website; they do not collect any information that could identify You – all collected information is anonymous and used only to improve our website and to find out what is interesting for our users; Performance Cookies will only be activated with Your prior explicit consent;

-       Advertising Cookies, Targeting Cookies: These serve to offer advertising or third party offers to the website user in accordance with his needs and to measure the effectiveness of these offers; Advertising and Targeting Cookies are stored for a maximum of 13 months and will only be activated with Your prior explicit consent;

-       Sharing Cookies: These serve to improve the interactivity of our websites with other services (e.g. social networks); Sharing Cookies are stored for a maximum of 13 months and will only be activated with Your prior explicit consent.

When You use our websites, the cookies shown in detail below will be used. You can set Your browser so that it informs You when cookies are set. You may also erase cookies at any time using the corresponding browser settings and prevent new cookies from being set. Please obtain the corresponding information from Your respective browser provider. You may also deactivate cookies via deactivation links, which are explained below.

Please note that when cookies are deactivated, our websites may no longer be displayed optimally and that some functions may no longer be available technically.

B.6.2.      Secure Website Connection

Your browser uses technical cookies in order to establish a secure connection with Internet pages using a "https" URL; the data processing therefore takes place based on Article 6 paragraph 1 lit. f GDPR. There are different cookie versions for different safety levels.

The following cookies are currently used for that purpose:

Name

Purpose

Expiration

TLSVersion

This informs Us about the highest TLS version used by Your browser in order to decide, which version is supported.

when You close Your browser

 

B.6.3.      Embedded YouTube Videos

On some subpages, We embed YouTube videos in our websites. Accessing these subpages results in YouTube content being accessed. YouTube thereby also receives Your IP address, which is technically required to access the content. We generally have no influence over the further processing by YouTube (You may obtain additional information regarding the purpose and extent of the data collection e.g. under http://www.google.de/intl/de/policies/privacy; about the data protection at Google LLC (USA) see also B.6.4.). However, We paid attention to activate the extended data protection mode offered by YouTube when embedding the videos. Since the videos cannot be displayed otherwise, these cookies are Performance Cookies. The data processing takes place based on Article 6 paragraph 1 lit. a GDPR (consent).

YouTube sets the following cookies when You visit websites with YouTube videos and give Your respective consent to do so:

Name

Purpose

Expiration

_use_hitbox

This is a randomly generated number, which identifies Your browser.

when You close Your browser

VISITOR_INFO1_LIVE

This allows YouTube to count the number of times embedded YouTube videos have been viewed.

9 months

 

B.6.4.      Google Analytics

In order to design our websites in a way that is tailored to market needs, We create pseudonym usage profiles with the aid of Google Analytics. Google Analytics uses Performance Cookies, which are stored on Your device and may be read by us. This way, We are able to recognize recurrent visitors and count them as such. The data processing occurs based on Article 6 paragraph 1 lit. a GDPR (consent).

The information created by the cookie about Your use of our websites is regularly transmitted to a Google server in the United States and stored there. Since We have activated the IP anonymization on our websites, Your IP address is shortened by Google in the territory of the Member States of the European Union before transfer. Only in exceptional cases is the full IP address transferred to a Google server in the United States (an adequate data protection level exists pursuant to Article 45 paragraph 1 GDPR due to Google's participation in the EU-US-Privacy Shield, see also A.8.) and shortened only there (You may obtain additional information regarding the purpose and extent of the data collection e.g. under http://www.google.de/intl/de/policies/privacy). We also concluded a contract with Google LLC (USA) for processing pursuant to Article 28 GDPR. In accordance with our instructions, Google will use all information strictly only for the purpose of analysing the use of our websites for Us and compile reports about the website activity.

Google sets the following cookies if You visit our webpage and give Your respective consent to do so:

Name

Purpose

Expiration

_ga

This helps Us to count, how many persons visit our Internet presentation, if You have already visited it.

2 years

_gid

This helps Us to count, how many persons visit our Internet presentation, if You have already visited it.

24 hours

_gat

This helps Us to manage the frequency in which requests for displaying a webpage were submitted.

10 minutes

You may object to the processing at any time. Please use one of the following options for this:

·       You can tell Us that You wish to withdraw Your previously given consent.

·       You can prevent the storage of cookies through corresponding settings in Your browser software; We would like to point out, however, that You might not be able to fully use all functions of our websites in this case.

·       You can furthermore prevent the recording of the data created by the cookie that pertains to Your use of our websites (including Your IP address) by Google as well as the processing of that data by Google, by downloading and installing the browser plugin available under the following link (http://tools.google.com/dlpage/gaoptout?hl=de).

·       You can also prevent Google Analytics from collecting data by setting an Opt-out-Cookie, which permanently prevents the future collection of Your data when visiting our websites. To object to the processing of Your data by Google Analytics, click on the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

B.6.5.      Matomo

In connection with the use of the our websites, We use pseudonym usage profiles in order to design the webpage in a way that is tailored to market needs, which are created with the aid of the web analysis tool Matomo. Matomo uses Performance Cookies, which are stored on Your device and can be read by us. This way, We are able to recognize recurrent visitors and count them as such. The unabridged IP address is not stored. The data processing takes place based on Your consent pursuant to Article 6 paragraph 1 lit. a GDPR.

Matomo sets the following cookies if You visit our webpage and give Your respective consent to do so:

Name

Purpose

Expiration

_utma

This helps Us to count, how many persons visit our Internet presentation, if You have already visited it.

13 months

_utmb

This works together with _utmc, in order to calculate the average time You spent on Your Internet presentation.

30 minutes

_utmc

This allows us, together with _utmb, to calculate the time when You close Your browser.

when You close Your browser

_utmz

This provides Us with the information about how You came to our Internet presentation (e.g. from a different internet presentation or search engine).

6 months

 

B.6.6.      Plugins

We do not use any social media plugins on our websites. If our websites contain symbols of social media providers (e.g. of Xing or Facebook), We use these only to passively link to the sites of the respective providers.

 

 

C. DEALER PORTAL

C.1.         Explanation

Via mykrone.green (see Part B) We provide Registered Users with access to our Dealer Portal, which is an order-tracking and order-information system through which You can call up and, where applicable, save and print information pertaining to Your Orders and commissions from KRONE (e.g. invoices, maturity reports, delivery notes, order tracking). The Dealer Portal is a pure display tool that is fed via the data stored in our SAP system. It is available in various language versions.

C.2.         Which data do We process when You use the Dealer Portal?

If You use the Dealer Portal via mykrone.green, the processing of Your personal data by Us does not exceed the processing that occurs during the use of mykrone.green as a Registered User (it is not possible to use the Dealer Portal as an Anonymous User). This applies in particular to the use of cookies and plugins (see B.6.). We would therefore like to ask You to read the information provided for mykrone.green (see Part B).

C.3.          For which purpose and on which legal basis (see A.4.) are these data processed?

We process the personal data described in more detail above in compliance with the provisions of the GDPR and any other applicable data protection provisions, and only to the extent necessary. As regards the purposes of processing please see the information provided for mykrone.green (see Part B).

C.4.          For how long are these data processed?

Your data is processed only for as long as this is necessary to achieve the aforementioned processing purposes; the legal basis stated in the context of the processing purposes applies accordingly. Third parties employed by Us will store Your data on their systems for as long as it is necessary in connection with providing the services to Us in accordance with the respective mandate. Please note B.6. regarding the storage duration of cookies.

You can find more details on the storage duration under A.5.

C.5.          Are these data passed on to third parties and if yes, on which legal basis (see A.4.)?

Only the categories of recipients disclosed in B.5., subject to the requirements mentioned in that provision, may be granted access to Your personal data.

 

 

D. KRONE EASY SELECT / KRONE APP

D.1.         Explanation

Via mykrone.green (see Part B) We provide You with access to KRONE Easy Select, which is an interactive product configurator through which You can configure products and, where applicable, purchase additional services. The usage details are determined by our Terms of Use for KRONE Easy Select which are available under Terms of Use in various language versions.

In addition to the browser version, an app version of KRONE Easy Select named KRONE App is also available. The usage details are determined by our Terms of Use for KRONE Easy Select, which are available in various language versions in the settings of the KRONE App or under the link mentioned in the previous paragraph.

D.2.         Which data do We process when You use KRONE Easy Select or the KRONE App?

D.2.1.      KRONE Easy Select

If You use KRONE Easy Select via mykrone.green, the processing of Your personal data by Us is, in the first instance, the same that occurs during the use of mykrone.green as a Registered User or as an Anonymous User. This applies in particular to the use of cookies and plugins (see B.6.). Therefore You should review the information provided for mykrone.green (see Part B).

In addition to the data described in Part B, the following categories of personal data will be collected, stored and processed by Us when using KRONE Easy Select via mykrone.green:

·       "Sales Data" (when creating purchase orders): If applicable, data on operations (e.g. machine configuration, status, Easy Select number, end customer, external order number, responsible factory agent, invoice/goods recipient, principal, professional advisor, SAP number, comments for the factory agent or distribution partner);

·       "Professional Advisor Data" (when creating purchase orders): If applicable, information about professional advisors (name and email address);

·       "End Customer Data" (when creating purchase orders): If applicable, information regarding end customers and recipients of goods (in each case gender, name, address, title, company name, telephone number, fax number, email address);

·       "Payment Data" (when creating purchase orders): Bank account, credit card information, any other information which are relevant for the payment process;

·       "Other Contract Processing Data": Other data, which is collected in the course of our contractual relationship and the processing of which is required for this purpose or which You provide voluntarily (e.g. machine configuration, status, external order number, responsible factory agent, principal, invoice/goods recipient, professional advisor).

D.2.2.      KRONE App

If You download the KRONE App from the respective app store, the information required for this process is transferred to the operator of the respective app store. This applies to personal data such as Your user name, Your contact data, customer number, time of download, device identifier and, if applicable, payment data. This data processing takes place independently of Us by the respective app store operator, so that the latter is responsible under data protection law. Please therefore consult the data protection information or privacy policy of the respective app store operator.

If You use the KRONE App as a guest user, the processing of Your personal data by Us does not exceed the processing of Protocol Data when visiting our internet pages since the app establishes a connection to the internet and accesses a server. Regarding the scope and purpose of the processing of Protocol Data please see B.2. to B.5.

If You use the KRONE App as an Registered User, the categories of personal data collected, stored and processed by Us while using the KRONE App are the same as when using KRONE Easy Select (please see D.2.1.).

D.3.         For which purpose and on which legal basis (see A.4.) are these data processed?

We process the personal data described in more detail above in compliance with the provisions of the GDPR and any other applicable data protection provisions, and only to the extent necessary. In detail, the processing serves – to the extent not already explained in Part B – to fulfil the following purposes:

·       Processing of Professional Advisor Data and End Customer Data:

(1) Executing the services offered through the system or provided through the system, handling customer inquiries, determination and processing of service requirements (e.g. support for technical problems via remote access) (legal basis in this case is Article 6 paragraph 1 lit. b GDPR);

(2) Maintaining and protecting the safety of our KRONE Offers, preventing and uncovering security risks or criminal acts, asserting and defending against legal claims, settling legal disputes, sending out of information about related service offerings (legal basis in this case is Article 6 paragraph 1 lit. f GDPR, in the case of the use for marketing purposes vis-à-vis end customers Article 6 paragraph 1 lit. a GDPR, where applicable);

·       Processing of Sales Data:

(1) Executing the services offered through the system or provided through the system, handling customer inquiries, determination and processing of service requirements (e.g. support for technical problems via remote access) (legal basis in this case is Article 6 paragraph 1 lit. b GDPR);

(2) Continuous optimization and development of our services (e.g. systems in terms of operational security, freedom from interference and user-friendliness), protection of our systems against cyber attacks and prosecution of detected cyber attacks, prevention and detection of security risks or criminal acts, asserting and defending legal claims, settlement of legal disputes (legal basis in this case is Article 6 paragraph 1 lit. f GDPR).

·       Processing of Payment Data: Settlement and collection of payments, accounting purposes (legal basis in this case is Article 6 paragraph 1 lit. b GDPR);

·       Processing of Other Contract Processing Data: Fulfilment of our obligations under the contracts concluded with You, e.g. processing of Orders, providing of services and support (legal basis in this case is Article 6 paragraph 1 lit. b GDPR).

To the extent that You have granted Your consent (Article 6 paragraph 1 lit. a GDPR) for certain types of processing, We will process the personal data affected by this based on that consent. To the extent that the processing of personal data is based on Article 6 paragraph 1 lit. f GDPR, the purposes mentioned above also constitute our legitimate interests.

D.4.          For how long are these data processed?

Your data is processed only for as long as this is necessary to achieve the aforementioned processing purposes; the legal basis stated in the context of the processing purposes applies accordingly. Third parties employed by Us will store Your data on their systems for as long as it is necessary in connection with providing the services to Us in accordance with the respective mandate. Please note B.6. regarding the storage duration of cookies.

You can find more details on the storage duration under A.5.

D.5.          Are these data passed on to third parties and if yes, on which legal basis (see A.4.)?

Only the categories of recipients mentioned in B.5., subject to the requirements mentioned in that provision, may be granted access to Your personal data.

E. KRONE USED

E.1.          Explanation

Via mykrone.green (see Part B) We provide You with access to our system KRONE Used, which is a web-based platform for the sale of used agricultural machines. The platform only serves the purpose to connect the users by the information given in the sales advertisements; We are generally not involved in the sales transactions. The usage details are determined by our Terms of Use for KRONE Used which are available for You in various language versions under Terms of Use.

E.2.          Which data do We process when You use KRONE Used?

E.2.1.      Seller Data, Advertisement Data and Prospective Buyer Data

If You use KRONE Used via mykrone.green, the processing of Your personal data by Us does not exceed the processing that occurs during the use of mykrone.green as a Registered User (it is not possible to use KRONE Used as an Anonymous User). This applies in particular to the use of cookies and plugins (see B.6.). We direct You to the information provided for mykrone.green (see Part B).

In addition to these data described in Part B, the following categories of personal data will be collected, stored and processed by Us when using KRONE Used via mykrone.green:

·         "Seller Data" (when creating the advertisement): name, address, contact person, phone number, fax number, eMail address;

·         "Advertisement Data" (when creating the advertisement): machine picture, machine manufacturer, type designation, price, location, year of construction, operating hours and other supplementary machine-related values (e.g. area output, number of rows, working width, engine output, drum hours) and other voluntary information on the condition of the machine;

·         "Prospective Buyer Data" (in case of contact by a prospective buyer via the contact form): the data transmitted in the contact form, e.g. name, contact data provided (email address, telephone number, etc.) and the time of transmission.

E.2.2.      Use of Anonymized Sales Data

As soon as an agricultural machine is sold by a seller and the corresponding advertisement in KRONE Used is to be deleted, We request to provide to us the selling price and the country of destination of the sale. These sales data and the advertisement data are stored and evaluated by Us, but in anonymous form, i.e. there is no possibility for Us to establish a connection to the buyer or seller with regard to a specific sales transaction. We use these values to build our knowledge in the used machine sector in order to advise our customers adequately when requested.

E.3.          For which purpose and on which legal basis (see A.4.) are these data processed?

We process the personal data described in more detail above in compliance with the provisions of the GDPR and any other applicable data protection provisions, and only to the extent necessary. In detail, the processing serves – to the extent not already explained in Part B – to fulfil the following purposes:

·       Processing of Seller Data, Advertisement Data and Prospective Buyer Data:

(1) Executing the services offered through the system or provided through the system, determination and processing of service requirements (legal basis in this case is Article 6 paragraph 1 lit. b GDPR);

(2) Continuous optimization and development of our services (e.g. systems in terms of operational security, freedom from interference and user-friendliness), protection of our systems against cyber attacks and prosecution of detected cyber attacks, prevention and detection of security risks or criminal acts, asserting and defending legal claims, settlement of legal disputes (legal basis in this case is Article 6 paragraph 1 lit. f GDPR).

To the extent that You have granted Your consent (Article 6 paragraph 1 lit. a GDPR) for certain types of processing, We will process the personal data affected by this based on that consent. To the extent that the processing of personal data is based on Article 6 paragraph 1 lit. f GDPR, the purposes mentioned above also constitute our legitimate interests.

E.4.          For how long are these data processed?

Your data is processed only for as long as this is necessary to achieve the aforementioned processing purposes; the legal basis stated in the context of the processing purposes applies accordingly. Third parties employed by Us will store Your data on their systems for as long as it is necessary in connection with providing the services to Us in accordance with the respective mandate. Please note B.6. regarding the storage duration of cookies. Anonymized sales and advertisement data will be stored for a longer time, where appropriate.

You can find more details on the storage duration under A.5.

E.5.          Are these data passed on to third parties and if yes, on which legal basis (see A.4.)?

If and to the extent You place an advertisement in KRONE Used, where appropriate, we submit the information contained in the advertisement to potentially interested parties in order to enable a sale (legal basis for this is Article 6 paragraph 1 lit. f GDPR). Apart from that, only the categories of recipients mentioned in B.5., subject to the requirements mentioned in that provision, may be granted access to Your personal data.

F. E-SOLUTIONS

F.1.          Explanation

Via mykrone.green (see Part B) We provide You with our system E-Solutions, which is an online shop for the purchase of add-ons (software products and licenses). The usage details are determined by our Terms of Use for E-Solutions which are available for You in various language versions under Terms of Use.

F.2.          Which data do We processed when You use E-Solutions?

If You use E-Solutions via mykrone.green, the processing of Your personal data by Us is, in the first instance, the same that occurs during the use of mykrone.green as a Registered User or as an Anonymous User. This applies in particular to the use of cookies and plugins (see B.6.). We direct You to the information provided for mykrone.green (see Part B).

In addition to the data described in Part B, the following categories of personal data will be collected, stored and processed by Us when using E-Solutions via mykrone.green:

·       "Other Contract Processing Data" (when creating an Order): Other data, which is collected in the course of the processing of our contractual relationship and the processing of which is required for this purpose or which You provide voluntarily (e.g. the machines on which an ordered software product shall be applied; product variants; invoice/service recipient).

To the extent that payment data (bank account, credit card information, other information required for payment processing) is collected when Orders are placed, this is not done by Us, but by the payment service provider commissioned by Us on his own responsibility. In this respect, please consult the payment service provider's data protection information or privacy policy.

F.3.          For which purpose and on which legal basis (see A.4.) are these data processed?

We process the personal data described in more detail above in compliance with the provisions of the GDPR and any other applicable data protection provisions, and only to the extent necessary. In detail, the processing serves – to the extent not already explained in Part B – to fulfil the following purposes:

·       Processing of Other Contract Processing Data:

(1) Fulfilment of our obligations under the contracts concluded with You, e.g. processing of Orders, providing of services and support, processing of customer inquiries, detection und processing of service requirements (e.g. support in case of technical problems via remote access) (legal basis in this case is Article 6 paragraph 1 lit. b GDPR);

(2) Continuous optimization and development of our services (e.g. systems in terms of operational security, freedom from interference and user-friendliness), protection of our systems against cyber attacks and prosecution of detected cyber attacks, prevention and detection of security risks or criminal acts, asserting and defending legal claims, settlement of legal disputes (legal basis in this case is Article 6 paragraph 1 lit. f GDPR).

To the extent that You have granted Your consent (Article 6 paragraph 1 lit. a GDPR) for certain types of processing, We will process the personal data affected by this based on that consent. To the extent that the processing of personal data is based on Article 6 paragraph 1 lit. f GDPR, the purposes mentioned above also constitute our legitimate interests.

F.4.          For how long are these data processed?

Your data is processed only for as long as this is necessary to achieve the aforementioned processing purposes; the legal basis stated in the context of the processing purposes applies accordingly. Third parties employed by Us will store Your data on their systems for as long as it is necessary in connection with providing the services to Us in accordance with the respective mandate. Please note B.6. regarding the storage duration of cookies.

You can find more details on the storage duration under A.5.

F.5.          Are these data passed on to third parties and if yes, on which legal basis (see A.4.)?

Only the categories of recipients mentioned in B.5., subject to the requirements mentioned in that provision, may be granted access to Your personal data.

 

G. KRONE SMART TELEMATICS

G.1.         Explanation

KRONE Smart Telematics is our fleet and data management system for Your KRONE agricultural machine, which You can use in the browser version via mykrone.green (see Part B) and as an application for mobile devices in an app version ("SMART TELEMATICS"). If You use KRONE Smart Telematics for Your KRONE agricultural machine, data and information relating to Your machine will be transferred to Us and processed by Us in a database which can be accessed by You via Your KRONE Smart Telematics user account. Data is transmitted automatically by remote data transmission via a telemetry unit with SIM card and GPS receiver on the agricultural machine (so-called KRONE Smart Connect Control Unit, hereinafter: "KSC"). Please note that the KSC or KRONE Smart Telematics always record only machine-related values that can be assigned to a specific agricultural machine via the serial number of the machine and the number of the KSC. It is not possible for Us to draw concrete conclusions about persons directly from machine data or to assign them to specific individuals. The data related to Your machine is only displayed in Your KRONE Smart Telematics user account.

The usage details are determined by our Terms of Use for KRONE Smart Telematics, which are available for You in various language versions under Terms of Use, and any other agreements concluded for this purpose.

G.2.         Which data do We process when You use KRONE Smart Telematics?

G.2.1.      Browser Version

If You use KRONE Smart Telematics via mykrone.green, the processing of Your personal data by Us is, in the first instance, the same that occurs during the use of mykrone.green as a Registered User (it is not possible to use KRONE Smart Telematics as Anonymous User). This applies in particular to the use of cookies and plugins (see B.6.). We would therefore like to ask You to read the information provided for mykrone.green (see Part B).

In addition to these data, the following categories of personal data will be collected, stored and processed by Us when using KRONE Smart Telematics via mykrone.green:

·       "Machine Identification Data" (of the machines for which KRONE Smart Telematics is to be used): Serial numbers of the machines, the KSC and the machine terminals;

·       "Machine Data" (these are classified as personal data only in the case of a personal reference – see A.1., first bullet) including in particular, depending on the respective machine model:

-       Operating status data (e.g. fuel consumption, fill levels, charge air temperature, coolant temperature, tank content of urea, speed, engine load);

-       Data on active and inactive working time and lifetime;

-       Active and inactive route data, including position data;

-       Process-related data on tasks performed (e.g. bales deposited and cut, last bale deposit point, total area traveled, total distance, total yield, total number of bales);

-       Drum and motor operating hours;

-       Reactions of the system in special operational situations (e.g. overload, failures);

-       Error messages and machine status messages.

·       "Other Contract Processing Data" (when creating an Order): Other data, which is collected in the course of the processing of our contractual relationship and the processing of which is required for this purpose or which You provide voluntarily (e.g. invoice recipient).

To the extent that payment data (bank account, credit card information, other information required for payment processing) is collected when Orders are placed, this is not done by Us, but by the payment service provider commissioned by Us on his own responsibility. In this respect, please consult the payment service provider's data protection information or privacy policy.

G.2.2.      App Version

If You download the app version of KRONE Smart Telematics from the respective app store, the information required for this process is transferred to the operator of the app store. This applies to personal data such as Your user name, Your contact data, customer number, time of download, device code and, if applicable, payment data. This processing takes place independently of Us by the respective app store operator, so that the latter is responsible under data protection law. Please note the data protection information of the respective app store operator.

If You use the app SMART TELEMATICS as a Guest User, the processing of Your personal data by Us does not exceed the processing of Protocol Data when visiting our internet pages since the app establishes a connection to the internet and accesses a server. Regarding the scope and purpose of the processing of Protocol Data please see B.2. to B.5.

If You use the app SMART TELEMATICS as an Registered User, the categories of personal data collected, stored and processed by Us while using the app SMART TELEMATICS are the same as when using KRONE Smart Telematics via mykrone.green (please see G.2.1.).

G.3.          For which purpose and on which legal basis (see A.4.) are these data processed?

We process the personal data described in more detail above in compliance with the provisions of the GDPR and any other applicable data protection provisions, and only to the extent necessary. In detail, the processing serves – to the extent not already explained in Part B – to fulfil the following purposes:

·       Processing of Machine Identification Data and Machine Data:

(1) Executing the services offered through the system or provided through the system, determination and processing of service requirements, e.g. support in case of technical problems via remote access (legal basis in this case is Article 6 paragraph 1 lit. b GDPR);

(2) Continuous optimization and development of our services (e.g. systems in terms of operational security, freedom from interference and user-friendliness), protection of our systems against cyber attacks and prosecution of detected cyber attacks, prevention and detection of security risks or criminal acts, asserting and defending legal claims, settlement of legal disputes (legal basis in this case is Article 6 paragraph 1 lit. f GDPR).

·       Processing of Other Contract Processing Data:

(1) Fulfilment of our obligations under the contracts concluded with You, e.g. processing of Orders, providing of services and support, processing of customer inquiries, detection und processing of service requirements (e.g. support in case of technical problems via remote access) (legal basis in this case is Article 6 paragraph 1 lit. b GDPR);

(2) Continuous optimization and development of our services (e.g. systems in terms of operational security, freedom from interference and user-friendliness), protection of our systems against cyber attacks and prosecution of detected cyber attacks, prevention and detection of security risks or criminal acts, asserting and defending legal claims, settlement of legal disputes (legal basis in this case is Article 6 paragraph 1 lit. f GDPR).

To the extent that You have granted Your consent (Article 6 paragraph 1 lit. a GDPR) for certain types of processing, We will process the personal data affected by this based on that consent. To the extent that the processing of personal data is based on Article 6 paragraph 1 lit. f GDPR, the purposes mentioned above also constitute our legitimate interests.

G.4.          For how long are these data processed?

Your data is processed only for as long as this is necessary to achieve the aforementioned processing purposes; the legal basis stated in the context of the processing purposes applies accordingly. Third parties employed by Us will store Your data on their systems for as long as it is necessary in connection with providing the services to Us in accordance with the respective mandate. Please note B.6. regarding the storage duration of cookies.

Data on Machine Characteristics, Payment Data and Other Contract Processing Data will be deleted 365 days after termination of the user agreement, unless there are legal retention periods to observe. Machine Data will either be deleted or anonymized, if We continue to store them.

You can find more details on the storage duration under A.5.

G.5.          Are these data passed on to third parties and if yes, on which legal basis (see A.4.)?

Only the categories of recipients mentioned in B.5., subject to the requirements mentioned in that provision, may be granted access to Your personal data. The following companies act as service providers for the operation of KRONE Smart Telematics and the processing of the personal data stored and transferred by its use:

-       Datineo GmbH, Heinrich-Krone-Straße 10, 48480 Spelle, info@datineo.de, https://datineo.de/;

-       InterNetX GmbH, Johanna-Dachs-Straße 55, 93055 Regensburg, info@internetx.com, https://www.internetx.com/.

G.6.          Obligation to Inform the Users of an Agricultural Machine

To the extent that Your KRONE agricultural machine is used by or made available to one of Your employees or third persons, We cannot fulfill our obligations to inform these persons since they are not known to Us (unless they are assigned to Your User Profile as an Assigned User in mykrone.green). Therefore, within the framework of the Terms of Use of KRONE Smart Telematics, You are obliged to inform these persons about the data processing that occurs when using KRONE Smart Telematics to the extent that these persons are not already aware of this KRONE Privacy Policy and You also have to fulfill any other data protection obligations as a controller of the data.

 

H. KWS ONLINE

H.1.         Explanation

Via mykrone.green (see Part B) We provide Registered Users with our system KWS Online (KRONE Warranty Service Online), which is an electronic system for the recording and processing of guarantee and warranty claims. By means of KWS Online, You can electronically manage the guarantee and warranty processing of Your KRONE agricultural machinery stock in an effective and user-friendly way. KWS Online is available in various language versions.

H.2.         Which data do We process when You use KWS Online?

If You use KWS Online via mykrone.green, the processing of Your personal data by Us is, in the first instance, the same that occurs during the use of mykrone.green as a Registered User (it is not possible to use KWS Online as Anonymous User). This applies in particular to the use of cookies and plugins (see B.6.). We would therefore like to ask You to read the information provided for mykrone.green (see Part B).

In addition to the data described in Part B, the following categories of personal data will be collected, stored and processed by Us when using KWS Online via mykrone.green:

·       "End Customer Data" (when creating a transfer declaration or a request): name/company name, address, zip code, Land, telephone number, fax number, email address;

·       "Delivery Data" (when creating a transfer declaration): machine number, machine type, delivery date, commissioning date, beginning and end of warranty period, delivery date, if applicable further remarks and pictures;

·       "Request Data" (when creating a request): type of request, machine number, expenses/costs to be reimbursed; if applicable, conversion or repair kit number, material number, invoice number, internal order number and other internal information, details of the damage (defect location, part, quantity, type of defect, measures, date of damage) and its cause (including pictures or other documents), measured values, date of conversion, quantity and number of spare parts;

·       "Other Contract Processing Data": Other data, which is collected in the course of the processing of our contractual relationship and the processing of which is required for this purpose or which You provide voluntarily (e.g. responses to queries of our staff).

H.3.         For which purpose and on which legal basis (see A.4.) are these data processed?

We process the personal data described in more detail above in compliance with the provisions of the GDPR and any other applicable data protection provisions, and only to the extent necessary. In detail, the processing serves – to the extent not already explained in Part B – to fulfil the following purposes:

·       Processing of End Customer Data, Delivery Data and Request Data:

(1) Executing the services offered through the system or provided through the system, determination and processing of service requirements, e.g. support in case of technical problems via remote access (legal basis in this case is Article 6 paragraph 1 lit. b GDPR);

(2) Maintaining and protecting the safety of our KRONE Offers, preventing and uncovering security risks or criminal acts, asserting and defending against legal claims, settling legal disputes, sending out of information about related service offerings (legal basis in this case is Article 6 paragraph 1 lit. f GDPR, in the case of the use for marketing purposes vis-à-vis end customers Article 6 paragraph 1 lit. a GDPR, where applicable);

·       Processing of Other Contract Processing Data: Fulfilment of our obligations under the contracts concluded with You, e.g. processing of Orders, providing of services and support, (legal basis in this case is Article 6 paragraph 1 lit. b GDPR);

To the extent that You have granted Your consent (Article 6 paragraph 1 lit. a GDPR) for certain types of processing, We will process the personal data affected by this based on that consent. To the extent that the processing of personal data is based on Article 6 paragraph 1 lit. f GDPR, the purposes mentioned above also constitute our legitimate interests.

H.4.         For how long are these data processed?

Your data is processed only for as long as this is necessary to achieve the aforementioned processing purposes; the legal basis stated in the context of the processing purposes applies accordingly. Third parties employed by Us will store Your data on their systems for as long as it is necessary in connection with providing the services to Us in accordance with the respective mandate. Please note B.6. regarding the storage duration of cookies.

You can find more details on the storage duration under A.5.

H.5.         Are these data passed on to third parties and if yes, on which legal basis (see A.4.)?

Only the categories of recipients mentioned in B.5., subject to the requirements mentioned in that provision, may be granted access to Your personal data.

I. KRONE MEDIA

I.1.           Explanation

Via mykrone.green (see Part B) We provide Registered Users with KRONE Media, a media center in which You can retrieve information and media content concerning KRONE products and services. Via KRONE Media You can easily access a variety of information (e.g. product data sheets, tutorials, advertising material) in different languages and different formats (e.g. PDF files, images, videos) at any time and download, save and print them, if applicable. However, no orders can be placed or service contracts concluded via KRONE Media.

I.2.           Which data do We process when You use KRONE Media?

If You use KRONE Media via mykrone.green, the processing of Your personal data by Us does not exceed the processing that occurs during the use of mykrone.green (as a Registered or an Anonymous User). This applies in particular, without limitation, to the use of cookies and plugins (see B.6.). We direct You to the data privacy information regarding mykrone.green (see Part B).

In addition to the data described in Part B, the following categories of personal data will be collected, stored and processed by Us when You use and You register as a sales partner in KRONE Media:

·       "Sales Partner Data" (when registering as a sales partner): country, salutation, name, company name, spectrum of interest, street, place, city, zip code, email address, preferred language; where applicable, department, telephone number, customer number.

I.3.            For which purpose and on which legal basis (see A.4.) are these data processed?

We process the personal data described in more detail above in compliance with the provisions of the GDPR and any other applicable data protection provisions, and only to the extent necessary. In detail, the processing serves – to the extent not already explained in Part B – to fulfil the following purposes:

·       Processing of Sales Partner Data:

(1) Provision of media content, executing the services offered through the system or provided through the system, determination and processing of service requirements, e.g. support in case of technical problems (legal basis in this case is Article 6 paragraph 1 lit. b GDPR);

(2) Maintaining and protecting the safety of our KRONE Offers, preventing and uncovering security risks or criminal acts, asserting and defending against legal claims, settling legal disputes (legal basis in this case is Article 6 paragraph 1 lit. f GDPR);

To the extent that You have granted Your consent (Article 6 paragraph 1 lit. a GDPR) for certain types of processing, We will process the personal data affected by this based on that consent. To the extent that the processing of personal data is based on Article 6 paragraph 1 lit. f GDPR, the purposes mentioned above also constitute our legitimate interests.

I.4.            For how long are these data processed?

Your data is processed only for as long as this is necessary to achieve the aforementioned processing purposes; the legal basis stated in the context of the processing purposes applies accordingly. Third parties employed by Us will store Your data on their systems for as long as it is necessary in connection with providing the services to Us in accordance with the respective mandate. Please note B.6. regarding the storage duration of cookies.

You can find more details on the storage duration under A.5.

I.5.            Are these data passed on to third parties and if yes, on which legal basis (see A.4.)?

Only the categories of recipients mentioned in B.5., subject to the requirements mentioned in that provision, may be granted access to Your personal data.

 

J. KRONE TRAINING

J.1.          Explanation

Via mykrone.green (see Part B), KRONE provides You with KRONE Training an electronic training portal with various technical and sales-oriented education, further education and training offers in different languages. The offers include online and attendance-based training in manageable groups, including related services, which You, as an authorized KRONE sales partner, can book or reserve for You or your employees. Furthermore, information on education, further education and training offers as well as on the qualification profile of training participants can be called up via KRONE Media. The responsible authorized KRONE sales partner can be informed about the results achieved by a training participant.

J.2.          Which data do We process when You use KRONE Training?

If You use KRONE Training via mykrone.green, the processing of Your personal data by Us is, in the first instance, the same that occurs during the use of mykrone.green as a Registered User or as an Anonymous User. This applies in particular to the use of cookies and plugins (see B.6.). We would therefore like to ask You to read the information provided for mykrone.green (see Part B).

In addition to the data described in Part B, the following categories of personal data will be collected, stored and processed by Us when You book and attend in education, further education and training courses and related services of KRONE Training:

·       "Booking Data" (when booking training offers and services by an authorized KRONE sales partner): Selection of the training offer type; details of the training participants, i.e. name, employer, function, street, city, postal code, country, email address;

·       "Participant Data" (when attending training courses and using related services): Name of the participant, employer, function, date of birth, street, city, postal code, country, email address; data on the type and scope of training courses completed and associated tests, results achieved (pass/fail, overall result of a knowledge survey) and certificates.

J.3.           For which purpose and on which legal basis (see A.4.) are these data processed?

We process the personal data described in more detail above in compliance with the provisions of the GDPR and any other applicable data protection provisions, and only to the extent necessary. In detail, the processing serves – to the extent not already explained in Part B – to fulfil the following purposes:

·       Processing of Booking Data and Participant Data:

(1) Executing the booking procedure for the training courses; fulfilment of our obligations under the contracts concluded with You, e.g. handling and providing of training and other services, processing of enquiries, determination and processing of training requirements, preparation of certificates, preparation of proof of qualification for participation in further education courses; creation of participant accounts (legal basis in this case is Article 6 paragraph 1 lit. b GDPR);

(2) Continuous optimization and development of our services, protection of our systems against cyber attacks and prosecution of detected cyber attacks, prevention and detection of security risks or criminal acts, asserting and defending legal claims, settlement of legal disputes (legal basis in this case is Article 6 paragraph 1 lit. f GDPR);

(3) Sending notifications and information on related service offers (the legal basis is then Art. 6 paragraph 1 lit. f GDPR).

To the extent that You have granted Your consent (Article 6 paragraph 1 lit. a GDPR) for certain types of processing, We will process the personal data affected by this based on that consent. To the extent that the processing of personal data is based on Article 6 paragraph 1 lit. f GDPR, the purposes mentioned above also constitute our legitimate interests.

J.4.           For how long are these data processed?

The qualifications and certificates achieved by participants are stored for life (e.g. to enable them to complete further education and training courses). Apart from that, Your data is processed only for as long as this is necessary to achieve the aforementioned processing purposes; the legal basis stated in the context of the processing purposes applies accordingly. Third parties employed by Us will store Your data on their systems for as long as it is necessary in connection with providing the services to Us in accordance with the respective mandate. Please note B.6. regarding the storage duration of cookies.

You can find more details on the storage duration under A.5.

J.5.           Are these data passed on to third parties and if yes, on which legal basis (see A.4.)?

Participant data (in particular results achieved) may be passed on to the participant's employer (legal basis is then Art. 6 paragraph 1 lit. f GDPR). Apart from that, only the categories of recipients mentioned in B.5., subject to the requirements mentioned in that provision, may be granted access to Your personal data.

 

K. FOREIGN CUSTOMERS

K.1.         Explanation

KRONE Offers are offered by KRONE to Customers all over the world, either by KRONE itself or by our local distribution partners. In particular, mykrone.green is available for all Customers worldwide in the offered versions.

To the extent that data processing done by KRONE takes place within the scope of the GDPR, the GDPR is always applicable. Due to our international orientation, We may have to observe different or additional data protection rules, if You do not order one of our KRONE Offers from Germany or use it in Germany (hereinafter: "Foreign Customer").

If You are a Foreign Customer, please note the country-specific particularities at Your respective location listed in this part, which supplement the other parts. The list is sorted alphabetically according to the country names in English.

K.2.         Australia (Australien)

In Australia, KRONE cooperates with a distribution partner, the Kubota Australia Pty Ltd., 25-29 Permas Way, AUS-3029 Truganina, Victoria (Mel 360 H9), being a processor (see A.7.) which is subject to the obligations imposed by the Privacy Act 1988 (Cth) ("Privacy Act") as an APP Entity. To the extent the Privacy Act is applicable, any references in this document to "personal data" are taken to mean "personal information" under the Privacy Act and references to "controller" are taken to mean KRONE.

KRONE will collect Your personal information via their Australian distribution partner mentioned above or other partners or when You use our web-based services or You otherwise contact us. KRONE will comply with the Privacy Act when it deals with Your personal information.

KRONE does not have, and is not legally required to have, a data protection officer in Australia under Australian law. For all queries and complaints regarding Your personal information, please contact KRONE’s Data Protection Officer identified in item A.3. or use the following Australian phone number: +61 427 907 674.

KRONE will transfer personal information outside Australia in the course of providing the KRONE Offers, including to KRONE entities. We transfer Your personal information to countries which form part of the European Union. KRONE will take reasonable steps to ensure third party recipients of the personal information comply with the requirements of the Privacy Act and will require, as a minimum, that they comply with the privacy obligations imposed by the GDPR on KRONE.

Transacting anonymously: If You choose not to identify Yourself or use a pseudonym when registering an account on or using the KRONE App, we will not be unable to process transactions for the purchase of KRONE Offers.

In A.11., the rights listed in relation to erasure, restriction of processing, data portability, objection and withdrawal of consent do not apply in full to APP Entities as our Australian distribution partner or partners. KRONE will offer these rights to You in relation to Your personal information collected by Us.

In deviance from the last item in A.11., if You wish to lodge a complaint with a supervisory authority because You are dissatisfied with our response to Your request for access to, or correction of, Your personal information or Your privacy complaint in respect of Your personal information, You may contact the Office of the Australian Information Commissioner (T: +61 1300 363 992, email enquiries@oaic.gov.au).

K.3.         Austria (Österreich)

In deviation from the last item in A.11., the competent supervision authority in Austria is: Österreichische Datenschutzbehörde, Wickenburggasse 8, 1080 Wien, T: +43 152 152-2569, dsb@dsb.gv.at.

K.4.         Belgium (Belgien)

KRONE does not have, and is not legally required to have, a data protection officer in Belgium under Belgian law. For all queries and complaints regarding Your personal information, please contact KRONE’s Data Protection Officer identified in item A.3.

In deviation from the last item in A.11., the competent supervision authority in Belgium is: Autorié de la protection des données – Gegevensbeschermingsautoriteit (ADP-GBA), Anschrift: Rue de la Presse 35 – Drukperssraat 35, 1000 Bruxelles – Brussel, T: +32 2 274 48 00, F: +32 2 274 48 35, contact@adp-gba.de, https://www.autoriteprotectiondonnees.behttps://www.gegevensbeschermingsautoriteit.be.

K.5.         Croatia (Kroatien)

In deviation from the last item in A.11., the competent supervision authority in Croatia is: Croatian Data Protection Agency, address: Selska cesta 136, 10 000 Zagreb, T: +385 1 4609 000, F: +385 1 4609 099, azop@azop.hr, http://www.azop.hr

K.6.         Czech Republic (Tschechische Republik)

In deviation from the last item in A.11., the competent supervision authority in the Czech Republic is: Úřad pro ochranu osobních údajů, address: Pplk. Sochora 27, 170 00 Praha 7, Česká Republika, T: +420 234 665 111, posta@uoou.cz.

K.7.         Denmark (Dänemark)

In deviation from the last item in A.11., the competent supervision authority in Denmark is: Datatilsynet, Borgergade 28, 5, 1300 København K, T: +45 33 19 32 00, www.datatilsynet.dk.

K.8.         Finland (Finnland)

In deviation from the last item in A.11., the competent supervision authority in Finland is: Tietosuojavaltuutetun toimisto, address: Ratapihantie 9, 00520 Helsinki, T: +358 29 566 6777, tietosuoja@om.fi

K.9.         France (Frankreich)

In deviation from A.2., instead of Maschinenfabrik Bernard Krone GmbH & Co. KG the controller of the data processing is KRONE France SAS, 7 rue Philippe Lebon, Z.A. de la Fosse aux Chevaux, 78730 Saint-Arnoult-en-Yvelines, T: +33 1 61 08 60 60, F: +33 1 34 85 31 87, donneespersos@krone.fr.

In deviation from A.3., please use the following contact data for all questions regarding the data protection at Krone France SAS: T: +33 1 61 08 60 60, F: +33 1 34 85 31 87, donneespersos@krone.fr. We will be available to You for Your questions at all times.

In addition to the rights listed under A.11., You have the right at all times to decide about the fate of Your personal data after Your death (Article 85 of the French Data Protection Act). Please contact Us in this regard using the contact data provided in this Part (see above).

K.10.       Hungary (Ungarn)

In deviation from the last item in A.11., the competent supervision authority in Hungary is: Nemzeti Adatvédelmi és Információszabadság Hatóság, address: 1125 Budapest, Szilágyi Erzsébet fasor 22/C, T: +36 (1) 391 1400, ugyfelszolgalat@naih.hu.

K.11.       Ireland (Irland)

In deviation from the last item in A.11., the competent supervision authority in Ireland is: Data Protection Commission, address: 21 Fitzwilliam Square South Dublin 2, D02 RD 28, Ireland, T: +353 578 684 800 or +353 761 104 800, https://forms.dataprotection.ie/contact.

K.12.       Italy (Italien)

In deviation from A.2., instead of Maschinenfabrik Bernard Krone GmbH & Co. KG the controller of the data processing is KRONE Italia S.r.l., Via del Commercio, 33, 37060 Sommacampagna (Verona), T: +39 045 8960444, F: +39 045 8960289, info@kronit.com.

In deviation from A.3., please use the following contact data for all questions regarding the data protection at KRONE Italia S.r.l.: KRONE Italia S.r.l., Via del Commercio, 33, 37060 Sommacampagna (Verona), T: +39 045 8960444, F: +39 045 8960289, info@kronit.com. We will be available to You for Your questions at all times.

In deviation from the last item in A.11., the competent supervision authority in Italy is: Garante per la protezione dei dati personali, indirizzo: Piazza Venezia n. 11 - 00187 Roma, T: +39 06.69677.1, garante@gpdp.it.

K.13.       Netherlands (Niederlande)

In deviation from the last item in A.11., the competent supervision authority in the Netherlands is: Autoriteit Persoonsgegevens, Postbus 93374, 2509 AJ in Den Haag, T: +31 (0)88 - 1805 250, F: +31 (0)888 85 01, https://autoriteitpersoonsgegevens.nl/nl/klachtenformulier.

K.14.       New Zealand (Neuseeland)

In New Zealand, KRONE cooperates with a distribution partner, Tulloch Imports Ltd., 300 High Street, NZ 5810 Solway, Masterton, being a processor (see A.7).

For New Zealand, any references in this document to "personal data" are taken to mean "personal information" under the Privacy Act 1993 ("Privacy Act") and references to "controller" are taken to mean KRONE.

KRONE will collect Your personal information via their New Zealand distribution partner mentioned above or other partners or when You use our Websites or our web-based services or You otherwise contact Us. KRONE will comply with the Privacy Act when it deals with Your personal information.

KRONE does not have a privacy officer in New Zealand. For all queries and complaints regarding Your personal information, please contact KRONE's Data Protection Officer identified in item A.3. or use the following New Zealand phone number: +64 6 3700 39.

KRONE will transfer personal information outside New Zealand in the course of providing the KRONE Offers, including to KRONE entities. We transfer Your personal information to countries which form part of the European Union. KRONE will take reasonable steps to ensure third party recipients of the personal information comply with the requirements of the Privacy Act and will require, as a minimum, that they comply with the privacy obligations imposed by the GDPR on KRONE or the Privacy Act.

In A.11., the rights listed in relation to erasure, restriction of processing, data portability, objection and withdrawal of consent do not apply in full to agencies such as our New Zealand distribution partner or partners. KRONE will offer these rights to You in relation to Your personal information collected by Us. Under the Privacy Act, You have rights of access to and correction of personal information that We or our New Zealand distribution partner(s) hold. This can be done by contacting Us by email to the Data Protection Officer identified in item A.3.

In deviation from the last item in A.11., if You wish to lodge a complaint with a supervisory authority because You are dissatisfied with our response to Your request for access to, or correction of, Your personal information or Your privacy complaint in respect of Your personal information, You may contact the Office of the Privacy Commissioner in New Zealand (T: 0800 803 909, email investigations@privacy.org.nz).

K.15.       Norway (Norwegen)

In deviation from the last item in A.11. the competent supervisory authority in Norway is: Datatilsynet, Anschrift: P.O. Box 458 Sentrum, NO-0105 Oslo, T: +47 22 39 69 00, F: +47 22 42 23 50, postkasse@datatilsynet.no.

K.16.       Poland (Polen)

In deviation from A.5., a relevant legal provision by means of which We are obliged to retain personal data is, for instance, Article 70 of the Polish Tax Ordinance Law.

In deviation from the last item in A.11., the competent supervision authority in Poland is: Prezes Urzędu Ochrony Danych Osobowych, ul. Stawki 2, 00-193 Warszawa, https://uodo.gov.pl/pl.

K.17.       Serbia (Serbien)

In deviation from the last item in A.11., the competent supervision authority in Serbia is: Commissioner for Information of Public Importance and Personal Data Protection, address: 15, Bulevat kralja Aleksandra str, Belgrade 11120, T: +381 11 3408 900, F: +381 11 3343 379, office@poverenik.rs

K.18.       Slovak Republic (Slowakische Republik)

In deviation from the last item in A.11., the competent supervision authority in Slovakia is: Úrad na ochranu osobných údajov Slovenskej republiky, address: Hraničná 12, 820 07 Bratislava 27, Slovak Republik, T: +421 /2/ 3231 3214, statny.dozor@pdp.gov.sk

K.19.       Slovenia (Slowenien)

In deviation from the last item in A.11., the competent supervision authority in Slovenia is: Informacijski pooblaščenec, address: Dunajska cesta 22, 1000 Ljubljana, T: +01 230 97 30, gp.ip@ip-rs.si

K.20.       South Africa (Südafrika)

In South Arica, KRONE cooperates with a distribution partner, Rovic + Leers (Pty) Ltd., Saxenburg Road, Blackheath, ZA-7579 Cape Town, being a processor (see A.7.) which is subject to the obligations imposed by the Protection of Personal Information Act 4 of 2013 and the regulations promulgated thereunder ("POPIA"), to the extent that it has come into effect. To the extent that the POPIA is applicable, any references in this document to GDPR provisions relate to the respective equivalent POPIA provisions.

KRONE will collect Your personal information via their South African distribution partner mentioned above or other partners or when You use our web-based services or You otherwise contact us. KRONE will comply with the POPIA when it deals with Your personal information.

KRONE will transfer personal information outside South Africa in the course of providing the KRONE Offers, including to KRONE entities. We transfer Your personal information to countries which form part of the European Union. KRONE will take reasonable steps to ensure third party recipients of the personal information comply with the requirements of the POPIA and will require, as a minimum, that they comply with the privacy obligations imposed by the GDPR on KRONE.

KRONE does not have, and is not legally required to have, a data protection officer in South Africa under South African law. For all queries and complaints regarding Your personal information, please contact KRONE’s Data Protection Officer identified in item A.3.

In cases where the data subject is a child the consent according to A.4. item a) may also be given by a competent person.

In deviation from A.5., a relevant legal provision by means of which We are obliged to retain personal data is, for instance, Value Added Tax Act 89 of 1991.

In addition to the rights listed under A.11., You have the right to object to the processing of Your personal data, at any time, for purposes of direct marketing, other than direct marketing by means of unsolicited electronic communications referred to in Section 69 of POPIA and to object, on reasonable grounds, relating to Your particular situation, to the processing of Your personal data pursuant to Section 5(d) read with Section 11(3)(a) of POPIA.

In deviation from the last item in A.11., the competent supervision authority in South Africa is: The Information Regulator (South Africa), address: 33 Hoofd Street, Forum III, 3rd Floor Braampark, Braamfontein, Johannesburg, inforeg@justice.gov.za

K.21.       Spain (Spanien)

In deviation from the last item in A.11., the competent supervision authority in Spain is: Agencia Española de Protección de Datos, address: C/ Jorge Juan, 6, 28001 Madrid, T: 901100099, www.aepd.es

K.22.       Sweden (Schweden)

In deviation from the last item in A.11., the competent supervision authority in Sweden is: Datainspektionen, Drottninggatan 29, plan 5, 111 51 Stockholm, T: +46 8 657 61 00, datainspektionen@datainspektionen.se

K.23.       Switzerland (Schweiz)

This declaration is subject to the provisions of the GDPR and the Swiss Data Protection Act ("DSG").

In deviation from the last item in A.11., the competent supervision authority in Switzerland is: Der Eidgenössische Datenschutz- und Öffentlichkeitsbeauftragte (EDÖB), address: Feldeggweg 1, 3003 Bern, T: + 41 (0)58 465 99 96, https://edoeb.admin.ch/edoeb/de/home/der-edoeb/kontakt/kontaktformular.html.

K.24.       United Kingdom (Vereinigtes Königreich)

In deviation from A.2., instead of Maschinenfabrik Bernard Krone GmbH & Co. KG the controller of the data processing is Krone UK Ltd., Phoenix Avenue, Micklefield, Leeds LS25 4DY, T: +44 113 287 8800, F: +44 113 287 8811, service@krone-uk.com.

In deviation from the last item in A.11., the competent supervision authority in the United Kingdom is: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, T: +44 0303123 1113, dataprotectionfee@ico.org.uk.

Once the United Kingdom leaves the European Union, the GDPR will be entrenched into UK domestic law and the data protection law of the United Kingdom (Data Protection Act 2018) will continue to apply in respect to the processing of Your personal data. References contained in this KRONE Privacy Policy to the GDPR will then pertain to the corresponding provisions of the GDPR as entrenched into UK domestic law.

K.25.       United States of America (USA)

In deviation from A.2., instead of Maschinenfabrik Bernard Krone GmbH & Co. KG the controller of the personal data collected and processed in the United States is Krone North America, Inc. ("KRONE NA"), head-quartered at 12121 Forest Park Drive, Olive Branch, MS 38654, T: 662-913-7171, F: 662-913-7137; info@krone-na.com; www.krone-northamerica.com. KRONE NA also has locations in Tennessee, Nevada, Wisconsin, Idaho and California, but collects personal data described in this KRONE Privacy Policy from individuals also in other parts of the United States. If You have any questions concerning this KRONE Privacy Policy or how it applies to United States Users or to KRONE Offers accessed or purchased in the United States, please contact Us at T: 901-842-6011 or support@mykrone.green.

KRONE and KRONE NA do not have, and are not legally required to have, a data protection officer in the United States under United States law. For all queries and complaints regarding Your personal information, please contact KRONE’s Data Protection Officer identified in item A.3., or use the contact details shown above.

KRONE and KRONE NA do not intend to collect personal data from children under the age of 16. If You are under 16, please do not submit any personal data to KRONE or KRONE NA. If you believe your child is using our website or KRONE Offers, please contact Us (contact details see above) so that We can investigate and delete any personal data inadvertently collected.

KRONE NA will usually transfer the personal data collected outside the United States in the course of providing the KRONE Offers, including to KRONE entities. We transfer Your personal data to countries which form part of the European Union. KRONE will take reasonable steps to ensure third party recipients of the personal data comply with the requirements of the applicable laws and regulations and will require, at a minimum, that they comply with the privacy obligations imposed by the GDPR and the California Consumer Privacy Act (Civil Code Sections 1798.100 – 1798.199; the "CCPA") as applicable (see below).

The rights listed in A.11. do not apply to United States residents, except as provided under the CCPA to California residents, described hereafter. KRONE and KRONE NA will offer these rights to You in relation to Your personal data collected by Us. As a California resident, under the CCPA You have the right to (i) notice that personal data will be collected; (ii) request a description of the categories and specific pieces of personal data about You that We have collected and the categories of personal data about You that We may disclose for a business purpose to third parties, along with a description of the categories of third parties that may receive that personal data; (iii) opt-out of the sale of personal data; (iv) request that We delete personal data about You that We have collected; however, personal data that is needed to complete a transaction, provide the KRONE Offer(s) You have accessed, purchased, or requested, or that was reasonably anticipated within the context of our ongoing business relationship with You, or that we can otherwise retain under applicable United States laws and regulations may not be deleted. The personal data collected by KRONE and Krone NA are described in detail in this KRONE Privacy Policy. If You are a California resident, you may exercise these rights by contacting us under the contact details shown above.  We will need to verify Your identify before responding to Your request or to verify that Your request, if made through an agent, has been authorized by You. You will not be discriminated against in the provision or access of KRONE Offers for exercising these rights. KRONE may deny Your request based on enumerated statutory exceptions; We will notify You if we do so. You are allowed to issue one CCPA data request per 12-month period.

We do not sell, rent, trade, lease, or otherwise disclose Your Personal data, except as described in this KRONE Privacy Policy (see, in particular, under A.8. und B.5.) or as you explicitly consent. Third parties are not authorized by Us to use or disclose Your Personal data except as necessary to perform services on our behalf or to comply with legal requirements.

In addition to the reasons for which We may disclose Your Personal data, as set forth in B.5., We may disclose information about You if we are required to do so by law, court order, legal process, in response to lawful requests by public authorities, including law enforcement requirements, or under the discovery process in litigation or arbitration. We also reserve the right to disclose or transfer any information We have about you in the event of a proposed or actual reorganization, sale, merger, joint venture, amalgamation or any other type of acquisition, disposal or financing of all or any portion of Krone NA or of any of its assets. Should such an event take place, we will endeavour to direct the transferee to use personal data in a manner that is consistent with this KRONE Privacy Policy.

In deviation from the last item in A.11., the competent supervision authority in the United States is the Federal Trade Commission, https://www.ftc.gov, or Your State Attorney General’s Office.