Home > Privacy

MHIE Privacy Policy

MHIE Privacy Policy


This privacy policy

Welcome to the privacy policy of Mitsubishi Heavy Industries Europe, Ltd. (MHIE).

MHIE (referred to in this privacy policy as MHIE, "we" "us" or "our") takes your privacy very seriously. We ask that you read this privacy policy carefully as it contains important information about what to expect when we collect and process your personal data and how we will use your personal data. Where applicable, we process personal data in accordance with the European General Data Protection Regulation (GDPR) and the applicable local law.

It is important that you read this privacy policy together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing your personal information so that you are fully aware of how and why we are using your data. This privacy policy supplements any other notices and is not intended to override them.

This privacy notice is provided in a layered format so you can click through to the specific areas set out below.

1. Data controller and how to contact us

2. Your duty to inform us of changes

3. The information we collect about you

4. How is your personal data collected?

5. How we will use your data

6. When we will disclose your data to third parties

7. Marketing

8. Cookies and other information-gathering techniques

9. How we protect your data

10. Overseas transfers

11. Your rights

This website www.mhie.com (the website) is operated by Mitsubishi Heavy Industries Europe, Ltd, a limited liability company incorporated in England and Wales under company number 02282265, of Building 11 Chiswick Park, 566 Chiswick High Road, London, W4 5YA, United Kingdom.

This website is not intended for children and we do not knowingly collect data about children.


1. Data controller and how to contact us

The following entities within MHIE are responsible for your personal data being processed in accordance with applicable data protection laws including the GDPR (General Data Protection Regulation):

UK:

  • For the processing of personal data in relation to this website, and the processing activities in the context of the MHIE Derby Office, Mitsubishi Heavy Industries Europe Ltd. (MHIE Ltd.) is the data controller (ICO registration ZA116343). The Head of the Legal Department at MHIE Ltd. is the responsible individual for overseeing questions in relation to privacy matters. If you have any questions about their processing activities, including any requests to exercise your data protection rights, please contact them using the details set out below:

    Addressee: Head of Legal

    Full name of legal entity: Mitsubishi Heavy Industries Europe, Ltd.

    Postal address: Building 11 Chiswick Park, 566 Chiswick High Road, London, W4 5YA

    Email: MHIE-GDPRqueries@mhie.com

    Tel: +44(0)20 3480 7515

Germany:

  • For data processing activities in the context of our German branches, the data controller is Mitsubishi Heavy Industries Europe Ltd., German branch office in Sonnenstraße 32, 80331 Munich, Germany.

    Our Data Protection Officer in Germany is Mr. Attorney Thorsten Feldmann, Christinenstr. 18/19, 10119 Berlin, tel.: +49 30 443 765 0, email: feldmann@jbb.de.

    If you have any questions about the processing activities of our German branch office, including any requests to exercise your data protection rights, please contact our German branch office or our data protection officer.

The Netherlands:

  • For the processing of personal data in the context of , MHIE’s Dutch branch, Mitsubishi Heavy Industries Europe, Ltd., Corrugating & Printing Machinery Division is the controller. If you have any questions about their processing activities, including any requests to exercise your data protection rights, please contact them using the details set out below.

    Address: Splijtbakweg 115, Almere, The Netherlands
    Tel: +31-36-8000000

Complaints:

  • You have the right to make a complaint at any time to the relevant local data protection authority:
    - In the UK: the Information Commissioner's Office (www.ico.org.uk).
    - In Germany: Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)(https://www.lda.bayern.de/de/)
    - In the Netherlands: the Autoriteit Persoonsgegevens, (www.autoriteitpersoonsgegevens.nl)

We would, however, appreciate the chance to deal with your concerns before you approach the data protection authority, so please contact us in the first instance.

2. Your right to rectification

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us (Art. 16 GDPR).

3. The information we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you, such as:

  • Identity Data includes first name, last name.

  • Contact Data includes company, country of residence, email address and telephone numbers.

  • Careers Data includes your job title, job application data (please see Group Privacy Notice for job applicants).

  • Technical Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.

  • Profile Data includes the product/service area(s) which interest you.

  • Usage Data includes information about how you use our website.

We may also use aggregate information and statistics for the purposes of monitoring website usage in order to help us to develop our website and our services. Aggregate information may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. We may also provide such aggregate information that is not personal data to third parties. If we do combine or connect any aggregate information with your personal data so that it can identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

4. How is your personal data collected?

We may collect and process the following information about you:

  • Information that you give us. This is information about you that you give to us when visiting our website, giving us a business card (or similar), filing in forms that we ask you to complete or corresponding with us by telephone, post, email or otherwise. It may include, for example, your Identity Data, Contact Data, Careers Data and Profile Data. If you have given us your consent to the processing of personal data for certain purposes, the lawfulness of this processing is given on the basis of your consent (Art. 6 para. 1 a) GDPR). Your consent can be revoked at any time. Please note that the revocation will only take effect for the future. Processing that took place before the revocation is not affected by this.

  • Automated technologies. When you interact with our website, we automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data using cookies, server logs and other technologies. Please see section 8 below and our Cookies Notice on our website for further details.

  • Other information: We may also collect some information from other sources. For example:

    - If we have a business relationship with the organization that you represent, your colleagues or other business contacts may give us information about you such as your Identity Data, Contact Data, Careers Data or Profile Data.

    - We sometimes collect information from third party data providers or publicly available sources for anti-money-laundering, background check and similar purposes, and to protect our business and comply with our legal and regulatory obligations.

5. How we will use your data

We have set out in the table below a description of the ways we plan to use your personal data and which legal bases we rely on to do so. We have identified what our legitimate interests are where appropriate.

Purpose/Activity Type of data Lawful basis for processing including basis of legitimate interest
To operate, manage, develop and promote our business and, in particular, our relationship with the organization you represent and related transactions (a) Identity
(b) Contact
(c) Careers
(d) Profile

Necessary for the performance of a contract or in order to take steps prior to entering into a contract (Art. 6 para. 1 b GDPR and necessary for our legitimate interests (Art. 6 para 1 f GDPR) (to operate, manage, develop and promote our business and to enable the relevant recipient within MHIE, or any related company within our corporate group, to respond to you and offer the right information, and/or product(s) and/or service(s)


To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

(a) Identity
(b) Contact
(c) Technical
(d) Usage

(a) Necessary for our legitimate interests pursuant to Art. 6 para. 1 f GDPR (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation pursuant to Art. 6 para. 1 c GDPR

To use data analytics to improve our website
(a) Technical
(b) Usage


Necessary for our legitimate interests pursuant to Art. 6 para. 1 f GDPR (to define types of customers for our products and services and to keep our website updated and relevant) or based on consent pursuant to Art. 6 para. 1 a GDPR.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. You can contact us for more information about this. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so (Art. 13 para. 3 and Art. 14 para. 4 GDPR).

We will retain and process your data for as long as we require it for the purposes for which it was collected or as is otherwise required by applicable law. To determine the appropriate retention period for your personal data, we consider the amount, nature and sensitivity of the personal data, the risk of potential harm from its unauthorised use or disclosure, the purposes for which we process it, whether we can achieve our purposes through other means, and the applicable legal requirements. Where necessary, we process and store your personal data for the duration of our contractual relationship, which includes, for example, the initiation and execution of a contract. It should be noted that our contractual relationship may, depending on the individual case, be a continuing obligation for a number of years. For contractual relationships, but also for other civil law claims, the storage period also depends on the statutory limitation periods. In addition, we are subject to various storage and documentation obligations, including those arising from the applicable commercial or tax law. If you require more specific information on retention periods please ask and we will provide you with our country-specific retention schedule.

Once your personal data is no longer needed, we will securely delete or anonymise it. We may continue to use anonymised data, which cannot be associated with you, for research or statistical purposes.


6. When we will disclose your data to third parties

We will not sell, exchange or otherwise distribute your personal data to unaffiliated third parties without your consent, except to the extent required by applicable laws and regulations or our contractual relationship, or as set out in this privacy policy. We may share data we collect with any related company (or other incorporated or unincorporated entity) within our corporate group and with selected third parties including:

  • our business customers, partners, suppliers, agents, sub-contractors and service providers in order to provide our services (for example where we enter into agreements with third parties who provide services to us or on our behalf) (Art. 6 para. 1 b) and f) GDPR);

  • public bodies, authorities etc. in order to comply with applicable local law and

  • analytics and search engine providers that assist us in the improvement of our website and the services we provide (Art. 6 para. 1 f) GDPR).

We may also disclose data we collect to third parties:

  • if we undergo a change of control or any of our business or assets are sold or transferred (in which case we may disclose your data to the prospective seller or buyer);

  • if we or substantially all of our assets are acquired by a third party, in which case information held by us about our website users will be one of the transferred assets; or

  • if we are under a duty to disclose or share your information in order to comply with any legal obligation or legal process (for example, a court order), or in order to enforce or apply our contractual rights or any other agreement; in order to protect the rights, property, or safety of our website users, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. Where parties qualify as data processors, we do not allow such third-parties to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.


7. Marketing

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.

Promotional offers from us. For certain enquiries about specific products and/or services, we may use your Identity, Contact and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products and/or services may be relevant for you. You will receive marketing communications from us if you have requested information from us and have not opted out of receiving that marketing.

Opting out. You can ask us to stop sending you marketing messages at any time by contacting us in accordance with section 1 above.

8.Cookies and other information-gathering technologies

Our website uses cookies. Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. These cookies allow us to distinguish you from other users of our website which helps us to provide you with a good experience when you browse our website, to track your website usage behaviour for analytical purposes, and also allows us to improve our site.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our website may become inaccessible or not function properly.

For more information on our use of cookies, see our Cookies Notice on our website.


9. How we protect your data

We will use all reasonable efforts to safeguard your personal data and we have put in place security procedures and technical and organisational measures to do so. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. However, you should be aware that the use of the Internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data which is transferred from you or to you via the Internet.


10. Overseas transfers

The data you provide may be transferred to countries outside the European Economic Area (EEA), especially for the purpose of the performance of a contract, personal data may be transferred to other companies of the MHI Group based outside the EEA. Click here to see a list of the relevant MHI Group entities along with their contact details. Such countries outside of the EEA might not have similar protections in place regarding your data and restrictions on its use as set out in this privacy policy. However, we will take steps to ensure that adequate protections and appropriate safeguards are in place to keep your data secure and that any such transfers are made in strict accordance with applicable data protection laws. The data transfer only takes place on the basis of an adequacy decision of the Commission or on the basis of standard contractual clauses of the EU Commission (EU Model Clauses) or binding internal data protection regulations. All companies of the Mitsubishi Heavy Industries Group have concluded the International Data Transfer Agreement based on the EU Model Clauses. Please contact us if you want further information on (or a copy of) the specific mechanism used by us when transferring personal data out of the EEA.


11. Your rights

In some circumstances you have rights in relation to the personal data we hold about you. Please contact us using the contact details above if you wish to exercise any of these rights.

  • Request access to your personal data (commonly known as a "data subject access request" pursuant to Art. 15 GDPR). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

  • Request correction of the personal data that we hold about you (Art. 16 GDPR). This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

  • Request erasure of your personal data (commonly known as the "right to be forgotten" pursuant to Art. 17 GDPR). This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request

  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms (Art. 21 GDPR). You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

  • Request restriction of processing of your personal data (Art. 18 GDPR). This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

  • Request the transfer of your personal data to you or to a third party (Art. 20 GDPR). We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

  • Withdraw consent at any time where we are relying on consent to process your personal data (Art. 7 para. 3 GDPR). However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products and/or services to you. We will advise you if this is the case at the time you withdraw your consent.

Irrespective of the foregoing, you have the right to lodge a complaint with a supervisory authority - in particular in the EU Member State where you reside, your place of work or the place where the alleged infringement is suspected - if you are of the opinion that the processing of your personal data violates the GDPR or other applicable local data protection laws (Art. 77 GDPR).

You will not usually have to pay a fee to exercise these rights but if your request is clearly unfounded, repetitive or excessive, we may charge a reasonable fee (or refuse to comply with your request). We may need specific information from you to help us confirm your identity and to speed up our response; this helps keep your personal data safe and speeds up our response to your request. We try to respond to all legitimate requests within one month but this period may be longer if your request is particularly complex or you have made multiple requests; we will notify you in this case.

12. Links to other sites

Our website may contain links to other sites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third party websites and are not responsible for their privacy statements. This privacy policy applies only to this website so when you access links to other sites you should read the privacy policy applicable to that site.


13.Changes to our privacy policy

We keep this privacy policy under regular review. If we change our privacy policy, we will notify you thereof, for example by posting the changes on this page, or by placing notices on other pages of the website, so that you may be aware of the information we collect and how we use it at all times.


This privacy policy was last updated in February 2020.