PERSONAL DATA PROCESSING POLICY FOR SUPPLIERS
This PERSONAL DATA PROCESSING POLICY FOR SUPPLIERS aims all business partners, independent agents, product suppliers or service providers, including their legal representatives, supplier or suppliers of SEW-EURODRIVE BRASIL LTDA., and focuses on notifying suppliers on how to handle all the personal data received or to which they have had access due to services provided or products supplied to SEW-EURODRIVE BRASIL.
With the implementation of the General Data Protection Regulation - Law No. 13.709/2018 - GDPR, we need all our suppliers to comply with the GDPR in order to continue ensuring the protection of the personal data of all individuals, hereinafter referred to as DATA HOLDERS, whose data is handled by the supplier on behalf of SEW-EURODRIVE BRASIL. If the supplier is not able to comply with this policy, it will not be able to continue its business relationship with SEW-EURODRIVE BRASIL.
Through this policy, the supplier will be informed about the minimum requirements that must be followed to process DATA HOLDERS’ personal data, without affecting the content of the contracts signed between the Suppliers and SEW-EURODRIVE BRASIL.
Data collection and sharing
In order to carry out its regular activities, SEW-EURODRIVE BRASIL may transfer PERSONAL DATA to its suppliers or request that suppliers collect PERSONAL DATA from DATA HOLDERS on their behalf, directly from these DATA HOLDERS or through publicly available databases.
When suppliers process PERSONAL DATA on behalf of SEW-EURODRIVE BRASIL, they are considered personal data operators and must only process data according to the instructions provided by SEW-EURODRIVE BRASIL, and in accordance with the provisions of this policy and the correspondent contract.
1 - Personal data processing commitments
The supplier must ensure that:
i. it has adopted and implemented and will maintain during the processing of DATA HOLDERS’ personal data, the organizational measures and security techniques to protect PERSONAL DATA against undue destruction, irregular or unauthorized sharing, accidental loss, alteration, irregular access or disclosure and/or any form of improper or unlawful personal data processing.
ii. it will not transfer any DATA HOLDERS’ PERSONAL DATA abroad, including what concerns the data storage in the cloud, unless there is a previous written authorization by SEW-EURODRIVE BRASIL.
iii. in any case, even if authorized by SEW-EURODRIVE BRASIL, the supplier will strictly observe the permissive assumptions of international transfer of PERSONAL DATA provided in the GDPR and any contractual provisions agreed between the supplier and SEW-EURODRIVE BRASIL.
iv. it will ensure compliance with the DATA HOLDERS’ principles and rights set forth in the GDPR regarding any personal data transferred abroad, under any circumstances.
v. it will help SEW-EURODRIVE BRASIL respond to demands and requests by DATA HOLDERS regarding their PERSONAL DATA processing by the suppliers, in any judicial and extrajudicial proceedings.
vi. if it realizes not being able to comply with the requirements required by the GDPR, it will immediately communicate this fact by writing to SEW-EURODRIVE BRASIL, which may, in its sole and exclusive discretion, suspend the transfer of DATA HOLDERS’ personal data and, consequently, the activities dependent on PERSONAL DATA processing.
vii. it will encrypt any sensitive PERSONAL DATA stored on portable devices, as well as all personal data requested by SEW-EURODRIVE BRASIL, within what is reasonably required.
viii. in the event of a relevant change in the rules applicable to the activities of PERSONAL DATA processing that has the potential to change its legal and contractual compliance, it will immediately notify SEW-EURODRIVE BRASIL.
ix. within 15 (fifteen) days (a) after the PERSONAL DATA are no longer necessary for the purposes of the contract signed between the supplier and SEW-EURODRIVE BRASIL, or (b) after the expiration of the contract signed between the supplier and SEW-EURODRIVE BRASIL, or, further, (c) for any reason, by decision and upon request of SEW-EURODRIVE BRASIL; it will return all DATA HOLDERS’ PERSONAL DATA to SEW-EURODRIVE BRASIL or will destroy all data under its possession or control as a result of the relationship with SEW, as requested by SEW-EURODRIVE BRASIL.
Access to SEW-EURODRIVE BRASIL systems: suppliers who, in order to carry out their activities, have access to SEW-EURODRIVE BRASIL's internal systems, agree on accessing the information contained therein solely for the performance of their activities. Such suppliers guarantee that they will not use, share, copy, delete, change and/or modify any information contained in these systems for any other purposes that are not related to the performance of the activities provided to SEW-EURODRIVE BRASIL. Suppliers must treat any information in SEW-EURODRIVE BRASIL systems with the strictest confidentiality and promptly adopt all security measures and practices informed by SEW-EURODRIVE BRASIL. Suppliers must comply with the terms of this policy without prejudice to any additional obligations provided in the correspondent contracts.
Use of messaging applications: SEW-EURODRIVE BRASIL is not responsible for the content or functionality of any personal instant messaging application used by the suppliers to carry out their activities. The supplier responsible for observing and complying with any terms of such applications, if used, agrees to fulfill his obligations of confidentiality and respect for the PERSONAL DATA holders’ privacy, in accordance with this policy and other applicable documents.
2 - Personal data holder’s rights
The supplier declares being aware of the DATA HOLDER’s rights set out in the GDPR, including the following:
• confirmation of the existence of the PERSONAL DATA processing.
• access to PERSONAL DATA.
• correction of incomplete, inaccurate or outdated PERSONAL DATA.
• anonymization, blocking or deletion of unnecessary and excessive data or data processed in violation of the provisions of the GDPR.
• PERSONAL DATA portability to another service or product provider, subject to regulation by the national authority.
• request for deletion or anonymization of PERSONAL DATA processed with the holder’s consent, except when the law authorizes the maintenance of such data for another reason.
• information about the public and private entities with which SEW-EURODRIVE BRASIL has shared and used PERSONAL DATA.
• information on the possibility of not consenting to your PERSONAL DATA processing and on the consequences of such action.
• revoking the consent, when the processing has been carried out based on the holder's consent.
The supplier will cooperate, as requested by SEW-EURODRIVE BRASIL, in allowing the company to comply with the DATA HOLDERS rights, which will include: (a) the provision of all information requested by SEW-EURODRIVE BRASIL; (b) the provision of assistance as reasonably requested by SEW-EURODRIVE BRASIL to enable the company to comply with the pertinent request within the deadlines set out by the GDPR; and (c) the implementation of any additional technical and organizational measures, as may be reasonably required by SEW-EURODRIVE BRASIL to enable the company to respond effectively to relevant complaints, communications or requests.
3 - Security Incidents
The supplier shall notify SEW-EURODRIVE BRASIL immediately after becoming aware of or reasonably suspecting of a security incident that could compromise the integrity, confidentiality and/or availability of any personal data.
The notification must contain, at a minimum: (a) a description of the nature of the affected personal data; (b) information about the involved DATA HOLDERS; (c) information on the technical and security measures used for DATA PROTECTION; (d) a description of the likely consequences and risks related to the security incident; (e) a description of the measures taken or proposed to address the security incident; and (f) a description of the measures that have been or will be taken to reverse or mitigate the effects of losses related to the security incident.
Supplier agents’ personal data processing
In order to comply with legal obligations, perform the object of the contract with the supplier, exercise its rights in legal processes and for legitimate business purposes of SEW-EURODRIVE BRASIL, such as, for example, the management of the relationship with the supplier, SEW-EURODRIVE BRASIL may collect personal data from individuals linked to the supplier.
Such personal data may include name, qualification, address, email, telephone number, identification documents, title or position, bank details, as well as publicly available information, including the ones from third-party databases, about legal representatives, employees, agents or other natural persons linked to the supplier - SUPPLIER AGENTS, relevant to the execution of the contract between the supplier and SEW-EURODRIVE BRASIL.
SEW-EURODRIVE BRASIL will keep and process these personal data for as long as necessary to fulfill the purposes mentioned above.
The supplier declares and warrants informing and disclosing to the SUPPLIER AGENTS any PERSONAL DATA processing carried out by SEW-EURODRIVE BRASIL according to this policy. SUPPLIER AGENTS may exercise their rights as DATA HOLDERS pursuant to item 3 of this Policy, by contacting us through the email - protecaodedados@sew.com.br
General provisions
SEW-EURODRIVE BRASIL has developed a corporate governance structure to deal with DATA PROTECTION issues.
Suppliers must also maintain a minimum corporate governance structure related to the control of their personal data processing activities, in the form of the GDPR.
In case of any doubts about this policy or duties related to the DATA HOLDERS’ data processing, or if the supplier is not able to comply with the provisions of the GDPR or this Policy, it should contact the SEW-EURODRIVE BRASIL DATA RESPONSIBLE through the email - protecaodedados@sew.com.br
Policy Updates
This policy may be periodically updated.
All changes must be considered as immediately applicable and effective, unless otherwise communicated by SEW-EURODRIVE BRASIL to the suppliers.
SEW-EURODRIVE BRASIL will take reasonable steps to communicate suppliers about any updates to the terms of this policy.
Other notifications and information may be sent to suppliers, in the future, informing conditions for carrying out activities for the processing of personal data shared by