Data Protection - Customer

As a rule:

•  your essential personalization information;
•  information of the company you represent;
•  your contact details;

Depending on your activity:

•  technical identifiers;
•  consents you have given to us;
•  behavioural data (e.g. how you have used our digital services);
•  your payment information;

Examples of data attributes include:

• your first and last name
• job role and title
• company name
• job related address, e-mail, phone number
• usernames and passwords
• direct marketing consents
• behavioural data from our websites, reactions to our direct marketing emails
• travel information and preferences
• information enabling credit card payments

For Chinese customer contacts, below personal data will be processed:

• Full name
• Salutation (gender)
• Company email address
• Personal email address
• Job position or title
• Phone number
• Mobile number
• Fax number
• Company name
• Usernames and passwords
• Cookie (including internet protocol (IP) address, your computer’s operating system, your browser type and the address of any referring sites)
• Home address
• Account/Username of data subject (e.g. WeChat account, QQ account, Tik Tok account, etc)
• Passport and/or ID for business trip (may be sensitive personal data)
• Itinerary and/or accommodation for business trip (may be sensitive personal data)

Konecranes Plc (established in Finland and being the parent company of Konecranes Group) has the overall responsibility and supreme decision-making power. Konecranes Global Corporation (established in Finland) has the limited responsibility for Konecranes Group centralized IT systems/applications (incl. subcontracting) as well as international transfers of personal data outside EU/EEA

You can contact us by sending an email to data.protection(a)konecranes.com

For Chinese customer contacts, please note:

We have a lawful right to process your personal data based on our legitimate interest to conduct business with the company you represent.

For Chinese customer contacts, normally the legal basis for processing their personal data is consent. While under the relevant laws, we do not require your consent to process your personal data when:

• the processing is necessary for the conclusion or performance of a contract to which the individual is a contracting party or for conducting human resource management under the labor rules and policies developed in accordance with the laws and a collective contract signed in accordance with the laws;
• the processing is necessary to fulfill statutory functions or statutory obligations;
• the processing is necessary to respond to public health emergencies or protect the life, health or property safety of natural persons under emergency circumstances;
• personal data is processed within a reasonable scope to conduct news reporting, public opinion-based supervision, or other activities in the public interest;
• the personal data that has been disclosed by the individuals themselves or other personal data that has been legally disclosed is processed within a reasonable scope in accordance with the Laws; or
• under any other circumstance as provided by any law or administrative regulation.

Generally, we need to process your personal data in order to enable successful direct and indirect business transactions with the company you represent - such as receipt of orders and delivery of products and services (direct) as well as development of our internal processes and systems to support these transactions (indirect).
In detail, we use your personal data for the following purposes:
1) Business development and reporting;
2) Quality management;
3)  Research and development of products and services;
4)  Production, management, maintenance and research and development of processes, IT services and infrastructure;
5) Marketing activities;
6) Sales activities;
7) Customer relationship management ("CRM");
8) Manufacturing of products;
9) Delivery of products and services
 (incl. access to Konecranes Group digital channels and records of product/service training completed by the customer contacts);
10)  Invoicing, taxation and related financial transactions; and
11)  Ensuring the integrity of Konecranes Group business environment and processes (incl. system/security monitoring for the prevention or inspection of misuse as the case may require);
12) Background studies of customers (incl. customer contacts as necessary);
13) Organizing events;
14) Ensuring personnel safety  (incl. customer contacts);  and
15) Archiving of non-active personal data in the scope of other purposes of uses and defined retention rules;

16) Fulfilling and/or defending the rights and obligations of the company;

We may use your personal data also to improve customer experience and to develop products and services by analysing your interests. Based on data collected in connection to our communications and interactions with you, we may analyse needs for further customer relationship management and/or sales related activities.
We may categorize customers and customer contact persons based on the data collected to better target our services to you. This may include targeting of marketing, satisfaction surveys and sales related communications. Categorization of customers is partly based on automated decision-making. For instance, we may categorize you automatically based on your reactions regarding our marketing messages. However, our automated decision-making does not produce legal or similarly significant effects concerning you. Our categorization occurs on a general level and we only use limited number of your personal data for categorization purposes.

For China customer contacts-

The processing purpose of your personal data are:

The processing purposes of your sensitive personal data are:

The necessity of our processing of your sensitive personal data:

The impact of our processing of your sensitive personal data on data subjects’ personal rights and interests: Misuse of the personal data by a third party, resulting in damage to data subject’s privacy and personal dignity or suffering damages to bodily or property safety in case of accidental leakage of such sensitive personal data.

The processing method of your personal data (including sensitive personal data) includes collection, storage, usage, transmission, provision, and deletion.

Our use of your personal data enables and supports you for its part in fulfilling your employment duties related to business transactions between us and the company you represent.

You have always the right to:

• Object the processing of your personal data on the grounds of our legitimate interest; and
  • "HOWEVER, AS REQUIRED BY MANDATORY DATA PROTECTION LAWS, KONECRANES HAS ALREADY IN ADVANCE COMPLETED A THOROUGH BALANCE TEST ASSESSING YOUR RIGHTS AND KONECRANES BENEFITS THUS TAKING DULY INTO ACCOUNT AND SECURING YOUR RIGHTS AND FREEDOMS IN PERSONAL DATA PROCESSING."
• Opt-out from receiving any of our direct marketing messages and materials.

At any time, you have also the right to:

• Gain access to your personal data;
• Verify the accuracy of your personal data;
• At your request, have your incomplete, inaccurate or outdated personal data amended, modified or erased; and
• Under certain circumstances, restrict the processing of your personal data;
• Under certain circumstances, be forgotten by us; and
• Lodge a complaint with a supervisory authority.

You can exercise these rights by sending us email to data.protection(a)konecranes.com or by filling out the form in

For Chinese customer contacts, the data subjects also have the below legal rights under China data protection laws:

As required by mandatory data protection laws, we have completed a thorough analysis concerning the risks potentially caused by our Customer Contact Data processing to your rights and freedoms.

As with any data processing, certain risks are possible also in ours relating mainly to

• the level of  confidentiality of your personal data;
• general data security matters; and 
• your inability to access our systems and services.

However, severities of these risks have been recognized to be low and having a remote possibility only. Moreover, we mitigate these risks actively i.a.by:

• continuously training our personnel,
• providing and developing detailed instructions; and
• implementing and enhancing our data security practices.

We collect your personal data:

• directly from you e.g. when you register to our digital services or participate in a sales meeting or have a phone call with us;
• from your superiors or colleagues;
• from our own employees or business partners; and
• to a limited extent by observing your behaviour in our digital services.

Yes, depending on the case we may transmit your personal data outside EU/EEA:

• In doing so we rely either on EU Commission adequacy decisions or EU Commission standard contractual clauses (of type controller to processor, EU Commission decision 2010/87/EU) as appropriate or suitable safeguards for such international data transfers.

• inside our group of companies but also to our external business partners who provide services to us.

Your personal data may be transferred to following countries for processing:

• Australia
• Austria
• Bangladesh
• Belgium
• Brazil
• Canada
• Chile
• China
• Czech Republic
• Denmark
• Estonia
• Finland
• France
• Germany
• Greece
• Hungary
• India
• Indonesia
• Italy
• Japan
• Korea
• Latvia
• Lithuania
• Malaysia
• Mexico
• Morocco
• Netherlands
• New Zealand
• Norway
• Peru
• Philippines
• Poland
• Portugal
• Qatar
• Romania
• Russia
• Saudi Arabia
• Singapore
• Slovakia
• Slovenia
• South Africa
• Spain
• Sweden
• Switzerland
• Thailand
• Turkey
• Ukraine
• United Kingdom
• United Arab Emirates
• United States of America
• Vietnam

We use reliable subcontractors to provide us e.g. with IT services enabling our personal data processing - these services include, without limitation, provision of different infrastructure, software and applications utilized routinely in contact data processing within global groups of companies.

• Following mandatory data protection legislation, we always require our personal data service providers to enter into binding data processing agreements (e.g. as required by the EU GDPR) with us.

As a rule, we do not disclose your data out of our effective control except if so required by the law in case a court or the police or other law enforcement agency has asked us for it.

Additionally, your data may be disclosed in a limited manner to our trusted business partners.

Your personal data is protected by technical and organizational measures against accidental and/or unlawful access, alteration, destruction or other processing including unauthorized disclosure and transfer of your personal data.

Such measures include but are not necessarily limited to proper firewall arrangements, appropriate encryption of telecommunication and messages as well as use of secure and monitored equipment and server rooms. Data security is of special concern when third parties (e.g. data processing subcontractors) providing and implementing IT systems and services are retained.

Data security requirements are duly observed in IT system access management and monitoring of access to IT systems. Personnel processing your personal data as part of their tasks is trained and properly instructed in data protection and data security matters.

At most ten (10) years after the last business activity where you have been involved.

Additionally, as the case may require, we may have to extend your personal data retention on the grounds of establishment, exercise or defence of legal claims or execution of our internal investigations.

For China customer contacts –

It is not statutory to provide your personal data, but certain personal data is required to execute or enter into a business activity (such as business contract) with us.