Data Protection Information | Business Partner Compliance

We, DEUTZ AG (referred to as DEUTZ or we), take the protection of your personal data very seriously. For this reason, we adhere strictly to the provisions of the applicable data protection laws. We have provided you below with answers to important questions about the processing and handling of your personal data and inform you of your rights under data protection law.

DEUTZ attaches great importance to ensuring that all official and legal requirements are met and adhered to by its employees and business partners. Among other things, the focus is on compliance with the law, fair competitive behavior, and the non-tolerance of corruption or bribery. In this context, our business partners are also subjected to a more extensive compliance assessment. The assessment is based on national and international requirements - e.g. anti-corruption laws, anti-money laundering laws, and anti-terrorism laws, etc.

Consequently, DEUTZ has a legitimate interest in ensuring compliance with these statutory requirements. We therefore conduct "due diligence" reviews of our business partners at regular intervals. The personal data (master data, address and contact details) provided by our business partner in the context of these reviews is checked against global published blacklists and sanction lists and screened for general negative news to ensure that no money or other financial resources are being made available for criminal or terrorist purposes.

Therefore, the provision of the data is understood to be necessary for the establishment or continuation of the business relationship with DEUTZ. If the required data is not provided, the business relationship cannot be established or continued.

In addition, we request (at regular intervals) various key functions and their contact persons from our business partners (You) in order to keep our master data up to date and to be able to ensure that the information we are legally obliged to provide (e.g. in connection with REACH) is correctly addressed. The designation of responsible key functions provides information about the importance of the respective topic in your company and is included in the assessment. Personal data is not mandatory for this and can be anonymized (N.A.).

Access to personal data is provided only to those persons and departments within DEUTZ that need this data in order to meet our contractual and legal obligations.

DEUTZ uses a cloud-based software solution, Compliance Solutions GmbH, to perform the business partner check. It has entered into an agreement on commissioned processing.

The personal data of members of the business partner's governing bodies and its employees in key positions that is provided by the business partner will be stored for three years after the end of the business relationship.

DEUTZ has taken appropriate technical and organizational measures to sufficiently protect the data against unauthorized access as well as accidental destruction or loss.

Data subjects by the business partner review have the right to request information from DEUTZ at any time about their personal data, to obtain the data in a structured, machine-readable format, and to send this data to a different controller. They can also demand that the data be corrected or erased and that the processing of the data be restricted. Furthermore, they have the right to object at any time, on grounds relating to their particular situation, to the processing of the data.

To exercise the aforementioned rights, the data subjects can contact the controller directly (businesspartnerdeutzcom).

If you have any questions about how DEUTZ handles your personal data, please contact the DEUTZ AG data protection officer (datenschutzdeutzcom).

You also have the option to lodge a complaint with a supervisory authority. However, we would be grateful if you contacted us in the first instance so that we can try to resolve your complaint.

The competent data protection supervisory authority responsible for us is: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Kavalleriestraße 2-4, 40213 Düsseldorf.

A transfer to recipients in third countries without an adequate level of data protection will only take place if an adequate level of data protection is guaranteed (Art. 44 et seq. DSGVO).

The following are deemed to be sufficient guarantees: