采埃孚售后(ZF Aftermarket) -

您的合作伙伴无论您身在何处

你在这里:
中国 (中文)

如果您所在的国家或地区没有被列出,请选择“其他国家或地区”访问采埃孚售后官方网站

所有采埃孚售后网站

更改为其他售后网站 (ZF Aftermarket)

您正在寻找采埃孚公司的企业信息吗?

敬请访问我们的集团网站

Note

The page you are navigating to is not optimized for mobile devices.
Do you want to proceed?

Proceed

中国

General Data Protection Notice for Customers and Business Partners
针对客户和业务合作伙伴的通用数据保护通知

I. Introduction and scope

一、 介绍和范围

This General Data Protection Notice (the “Notice”) applies to the processing of personal data by ZF Friedrichshafen AG and its EU-based affiliates as part of the worldwide ZF Group (“ZF Group”). For purposes of this Notice, affiliates means any company with respect to which ZF Friedrichshafen AG owns, directly or indirectly, more than 50% of the shares, together ZF (“ZF”).

本《通用数据保护通知(“通知”)》适用于采埃孚股份公司及其欧盟分支机构(作为采埃孚集团全球范围内的一部分)对个人数据的处理。就本通知而言,分支机构指采埃孚股份公司直接或间接拥有超过 50% 股份的任何公司,统称采埃孚 ("ZF")。

ZF considers protecting the personal data of all customers and business partners to be an important priority. This includes consumers as end-use customers and employees of our business partners in their role as contact persons and representatives in the context of a business relationship.

采埃孚把保护所有客户和业务合作伙伴的个人数据看作是重中之重。这包括作为最终客户的消费者,以及我们业务合作伙伴的员工,后者在业务关系中扮演联系人和代表的角色。

ZF is committed to processing Personal Data responsibly and in compliance with the applicable data protection laws in all countries in which ZF operates. This Notice describes the types of Personal Data ZF collects, how ZF uses that Personal Data, with whom ZF shares your Personal Data, and the rights you, as a Data Subject, have regarding ZF’s use of the Personal Data. This Notice also describes the measures ZF takes to protect the security of the data and how you can contact us about our data protection practices.

采埃孚承诺负责任地处理个人数据,并遵守采埃孚运营所在国家/地区适用的数据保护法律。本通知描述了采埃孚收集的个人数据类型、采埃孚如何使用该个人数据、采埃孚与谁共享您的个人数据以及您作为数据主体在采埃孚个人数据使用方面的相关权利。本通知还介绍了采埃孚为保护数据安全所采取的措施,以及如何与我们联系以了解我们的数据保护措施

II. Contact details of the Data Controllers

二、 数据控制方的联系方式

The legal entities responsible for the collection and use of your Personal Data (the “Data Controllers”) in your home country for the purposes described in this Notice are contained in the attached General Data Protection Notice.

在您所在国家出于本通知所述目的负责收集和使用您的个人数据的法人实体(“数据控制方”)包含在附件中 通用数据保护通知

III. Contact details of the Data Protection Officer

三、 数据保护官的联系方式

A Data Protection Officer (“DPO”) is designated for each legal entity where required by applicable law. The DPO is involved in all issues related to the protection of your Personal Data. In particular, the DPO is in charge of monitoring and ensuring compliance with this Notice and the applicable data protection laws. For any comments or questions you may have regarding this Notice, please contact the ZF Group Coordinator for data protection, who is also the DPO of ZF Friedrichshafen AG, Ms. Silke Wolf, at the following address:

根据适用法律的要求,为每个法人实体指定数据保护官 ("DPO")。DPO 参与与您个人数据保护相关的所有事项。特别是,DPO 负责监督并确保遵守本通知和适用的数据保护法律。如果您对本通知有任何意见或疑问,请联系采埃孚集团数据保护协调员——同时也是采埃孚股份公司的 DPO——Silke Wolf 女士,地址如下:

Silke Wolf

ZF Friedrichshafen AG

Corporate Headquarters / ZF Forum

Löwentaler Straße 20

88046 Friedrichshafen

Germany

德国

You may also contact the ZF Group Coordinator for data protection by e-mail under dataprotection@zf.com.

您也可以通过电子邮件联系采埃孚集团数据保护协调员,地址:dataprotection@zf.com。

IV. Categories of Personal Data processed

四、 所处理的个人数据类别

We process the following Personal Data for a number of business purposes that we list further below:

出于诸多业务目的,我们处理以下方面的个人数据:

• Contact information of customers and business partners’ contact persons, such as first name, family name, address, email address, phone number, fax number, company name, job title, function, department, management level, line manager;

• 客户和业务合作伙伴联系人的联系信息,如姓名、地址、电子邮件地址、电话号码、传真号码、公司名称、职称、职能、部门、管理级别、直线经理;

• Contract information of consumers (provided they are end-use customers) including financial data such as bank account information, creditworthiness, terms of payment and financing; and

• 消费者的合同信息(前提是他们是最终客户),包括银行账户信息、信誉、支付条款和筹资等财务数据,以及

financing; and

• Data from an end-use customer’s vehicle consisting of the vehicle identification number (VIN), the license plate number, as well as transmission records related to individual driving.

The Personal Data processed is limited to the data necessary for carrying out the business purpose for which such Personal Data is collected. ZF will maintain Personal Data in a manner that ensures it is accurate, complete and up-to-date.

来自最终客户车辆的数据,包括车辆识别号 (VIN),车牌号以及与个人驾驶相关的传输记录。

ZF will collect the Personal Data as a general rule directly from the Data Subject. However, in line with legal provisions, data may also be collected from third parties. In particular, this applies to data regarding an end-use customer’s vehicle in the event that automotive manufacturers return to ZF products that have been sold to them to be incorporated in their vehicles.

处理的个人数据仅限于执行业务目的所必须收集的数据。采埃孚在个人数据维护方面确保其准确性、完整性且保持最新状态。

V. Purposes of data processing and legal bases

五、 数据处理的目的及法律依据

ZF processes Personal Data in accordance with applicable data protection laws and regulations and only for limited, explicit and legitimate purposes. ZF will not use Personal Data for any purpose that is incompatible with the original purpose for which it was collected unless you provide your prior explicit consent for further use.

采埃孚根据适用的数据保护法律和法规处理个人数据,仅用于有限、明确和合法的目的。采埃孚不会将个人数据用于与其收集的原始目的不相容的任何目的,除非您事先明确同意进一步的使用。

Personal Data relating to customers and business partners may be processed for the purposes of:

与客户和业务合作伙伴相关的个人数据可能会被处理以用于:

• Managing commercial relationships and strategies with current and potential customers as well as business partners such as vendors and suppliers;

• 管理与现有和潜在客户以及供应商等业务合作伙伴的商业关系和战略;

• Carrying out promotional and marketing operations;

• 开展宣传和营销活动;

• Managing ZF’s external accounting, tax and treasury systems;

• 管理采埃孚的外部会计、税务和财务系统;

• Managing ZF’s IT customer relationship and service operations;

• 管理采埃孚的 IT 客户关系和服务运营;

• Conducting quality audits, assessments and complaint management;

• 进行质量审核、评估和投诉管理;

• Managing product research and development (“R&D”); and

• 管理产品研发(“R&D”);以及

• Product support and maintenance, failure diagnostic and identification of fault patterns.

• 产品支持和维护、故障诊断和故障模式识别。

The legal bases for the purposes listed above are the underlying contract with a customer or business partner, the request of a Data Subject in a pre-contractual situation allowing ZF to take steps prior to entering into a contract, or applicable legal provisions, e.g. the Tax Code or the Product Liability Act. Further, Personal Data of our customers and business partners (including their contact persons and sales representatives) will be processed for the purposes of ZF’s legitimate business interests consisting of customer relationship management, quality assurance, complaints management, marketing and promotional activities and only as long as ZF’s legitimate interests are not overridden by the Data Subject’s interests or fundamental rights and freedoms or if Data Subjects have given their consent to do so.

上述目的的法律依据是与客户或业务合作伙伴签订的基本合同,签订合同前数据主体允许采埃孚在签订合同之前采取措施的请求,或适用的法律规定,例如:税法或产品责任法。此外,我们的客户和业务合作伙伴(包括其联系人和销售代表)的个人数据将被处理,处理目的为采埃孚的合法商业利益,包括客户关系管理、质量保证、投诉管理、营销和促销活动,并且前提是采埃孚的合法利益不会被数据主体的利益或基本权利和自由所推翻,或已经取得数据主体的同意。

ZF ensures that our internal governance procedures clearly specify the reasons behind decisions to use Personal Data for alternative processing purposes. Prior to using your personal data for a purpose other than the one for which it was initially collected, you will be informed about such new purpose.

采埃孚确保我们的内部管理程序明确说明将个人数据用于其它处理目的的决策原因。如果要将您的个人数据用于最初收集目的以外的目的,则您将事先被告知此新目的。

VI. Data Security

六、 数据安全

ZF has implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, such risk analysis includes an analysis of the risk of compromising the rights of the Data Subject, costs of implementation, and the nature, scope, context and purposes for data processing.

采埃孚实施了适当的技术和组织措施,以确保适合相应风险的安全级别,此类风险分析包括分析数据主体权利受损风险、实施成本以及数据处理的性质、范围、背景和目的。

The measures include

措施包括

(i) encryption of personal data where applicable/appropriate;

(一)适用/适当的情况下加密个人数据;

(ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

(二)有能力确保处理系统和服务的持续机密性、完整性、可用性和适应性;

(iii) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and

(三)有能力在发生物理或技术事故时及时恢复个人数据的可用性和访问;以及

(iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

(四)实施流程,以定期测试和评估技术和组织措施的有效性从而确保处理的安全性。

VII. Recipients of Personal Data

七、 个人资料的接收者

VII. Recipients of Personal Data

ZF Friedrichshafen AG is the corporate headquarter of the ZF Group. Due to shared corporate IT systems within the ZF Group and because of the international nature of our business, Personal Data collected and processed by ZF Friedrichshafen AG and its subsidiaries (“ZF legal entities”) can be shared with or accessed by other ZF legal entities of the ZF Group for the purposes above. A data transfer to ZF legal entities outside of the EU will only occur under the provisions for international data transfers laid out in Section VIII of this Notice (see below). An overview of the ZF legal entities that are part of the ZF Group can be found at:

采埃孚股份公司是采埃孚集团的企业总部。由于采埃孚集团内部共享的企业 IT 系统以及我们业务的国际性,出于上述目的,采埃孚股份公司及其子公司(“采埃孚法人实体”)收集和处理的个人数据可与其他采埃孚法人实体共享或共享访问权。向欧盟以外的采埃孚法人实体进行数据传输只能根据本通知第八部分规定的国际数据传输规定进行(见下文)。可以在此找到属于采埃孚集团的采埃孚法人实体概览:

https://www.zf.com/locations

Collected Personal Data will only be transferred to carefully selected data processors acting on the basis of ZF’s instructions to comply with the applicable legal and contractual obligations. ZF will only grant access to Personal Data on a need-to-know basis, and such access will be limited to the Personal Data that is necessary to perform the function for which such access is granted. Authorization to access Personal Data will always be linked to the function so that no authorization will be extended to access Personal Data on a personal basis. Service providers and other data processors will only receive Personal Data according to the purposes of the service agreement with ZF.

收集的个人数据只会根据采埃孚在遵守适用的法律和合同义务方面的指示转移到精心挑选的数据处理者。采埃孚仅在需要知道的情况下授予对个人数据的访问权限,并且此类访问将仅限于执行授予职能所必需的个人数据。针对个人数据访问的授权将始终与相应职能相关联,不会扩大至个人名义的访问。服务提供商和其他数据处理者只可根据与采埃孚所签订服务协议中说明的目的接收个人数据。

VIII. International data transfers

八、 国际数据传输

International data transfers refer to transfers of Personal Data outside of the European Economic Area (“EEA”). The international footprint of ZF involves the transfer of Personal Data to and from other group companies or third parties, which may be located outside the EEA, including the United States of America. ZF will ensure that Personal Data is

国际数据传输是指在欧洲经济区 ("EEA") 之外的个人数据传输。采埃孚的国际活动涉及向其他集团公司或第三方转移个人数据,这些公司或第三方可能位于欧洲经济区以外,包括美利坚合众国。采埃孚将确保根据欧盟委员会的规范将个人数据传输到具有足够数据保护标准的国家/地区。或者,数据仅在实施适当的保护措施后转移,以充分保护个人数据并确保此类数据传输符合适用的数据保护法律。采埃孚所实施的数据传输协议基于欧盟模式条款,以覆盖国际数据传输。可以联系采埃孚集团数据保护协调员以获得这些协议的副本(参见上文第三部分)。

IX. Retention of Personal Data

九、 保留个人数据

ZF will not retain your Personal Data for longer than is allowed under the applicable data protection laws and regulations or for longer than is justified for the purposes for which it was originally collected. As a general rule, collected data will be deleted as soon as there no longer exists a business relationship with the customer/business partner or in the event of communication inactivity for the duration of a period of 2 years. However, collected data may be subject to retention requirements pursuant to applicable legal provisions. In other cases, Personal Data may be stored and retained for as long as the statutory period of limitations with regards to legal claims against ZF has not expired.

采埃孚对您个人数据保留的时间不会超过适用的数据保护法律和法规所允许的时间,也不会超过其最初收集目的所需的合理时间。一般情况下,一旦与客户/业务合作伙伴不再存在业务关系,或者在 2 年内没有通讯交流的情况下,收集的数据将被删除。但是,根据适用的法规,收集的数据可能需要遵守保留要求。在其他情况下,只要与针对采埃孚的法律要求相关的法定时效尚未过期,就可以存储和保留个人数据。

X. Data protection rights

十、 数据保护权利

Under applicable data protection laws, you will benefit from the following rights. You can exercise these rights at any time by contacting the ZF Group Coordinator for data protection (see Section III. above):

根据适用的数据保护法,您享受以下权利。您可以随时联系采埃孚集团数据保护协调员,以行使这些权利(参见上文第三部分):

• Right to access to, rectification and erasure of Personal Data;

• 访问、纠正和删除个人数据的权利;

• Right to restriction of processing;

• 限制处理的权利;

• Right of data portability to the extent applicable;

• 适用范围内的数据转移权利;

• Right to withdraw consent where the processing is based on consent;

• 在需要同意才能进行处理的情况下撤销同意的权利;

• Right to lodge a complaint with the supervisory authority and

• 向监管机构提出投诉的权利以及

• Right to object to processing.

• 反对处理的权利。

XI. Notice Compliance and Contact Information

十一、 通知合规性和联系信息

Monitoring and ensuring compliance of the Personal Data processing within ZF with this Notice and applicable data protection laws and regulations is the responsibility of the ZF Group Coordinator for data protection and of your local DPO, where applicable.

采埃孚集团数据保护协调员和您当地的 DPO(如果适用)负责监控并确保采埃孚内部的个人数据处理符合本通知和适用的数据保护法律和法规。

You may contact the ZF Group Coordinator for data protection with regard to any issue related to processing of your Personal Data and to exercise your rights as mentioned above.

就任何与您个人数据处理相关的事项,您都可以联系采埃孚集团数据保护协调员,以行使您上述的权利。

XII. Miscellaneous

十二、 其他

This Notice will be effective as of 25 May 2018 and will be applicable to ZF (see Section I. above for a precise definition of the scope).

本通知自 2018 年 5 月 25 日起生效,适用于采埃孚(有关范围的精确定义,请参见上文第一部分)。

This Notice may be revised and amended from time to time and appropriate notice about any amendments will be given.

本通知可能会不时修订和修改,并会对有关任何修改进行适当的通知。

ZF is allowed to adapt the text of this Notice only in order to be compliant with local legislation by means of an addendum attached to this Notice. In case of any discrepancies between this Notice and a specific local addendum made in accordance with local law, the terms of the latter will prevail.

只有在为了符合当地立法的情况下,采埃孚才被允许对本通知文本进行调整,调整形式为给本通知加上附录。

如果本通知与根据当地法律制定的特定当地附录之间存在任何差异,则以后者的条款为准。

Download PDF

I. Introduction and scope

一、 介绍和范围

This General Data Protection Notice (the “Notice”) applies to the processing of personal data by ZF Friedrichshafen AG and its EU-based affiliates as part of the worldwide ZF Group (“ZF Group”). For purposes of this Notice, affiliates means any company with respect to which ZF Friedrichshafen AG owns, directly or indirectly, more than 50% of the shares, together ZF (“ZF”).

本《通用数据保护通知(“通知”)》适用于采埃孚股份公司及其欧盟分支机构(作为采埃孚集团全球范围内的一部分)对个人数据的处理。就本通知而言,分支机构指采埃孚股份公司直接或间接拥有超过 50% 股份的任何公司,统称采埃孚 ("ZF")。

ZF considers protecting the personal data of all customers and business partners to be an important priority. This includes consumers as end-use customers and employees of our business partners in their role as contact persons and representatives in the context of a business relationship.

采埃孚把保护所有客户和业务合作伙伴的个人数据看作是重中之重。这包括作为最终客户的消费者,以及我们业务合作伙伴的员工,后者在业务关系中扮演联系人和代表的角色。

ZF is committed to processing Personal Data responsibly and in compliance with the applicable data protection laws in all countries in which ZF operates. This Notice describes the types of Personal Data ZF collects, how ZF uses that Personal Data, with whom ZF shares your Personal Data, and the rights you, as a Data Subject, have regarding ZF’s use of the Personal Data. This Notice also describes the measures ZF takes to protect the security of the data and how you can contact us about our data protection practices.

采埃孚承诺负责任地处理个人数据,并遵守采埃孚运营所在国家/地区适用的数据保护法律。本通知描述了采埃孚收集的个人数据类型、采埃孚如何使用该个人数据、采埃孚与谁共享您的个人数据以及您作为数据主体在采埃孚个人数据使用方面的相关权利。本通知还介绍了采埃孚为保护数据安全所采取的措施,以及如何与我们联系以了解我们的数据保护措施

II. Contact details of the Data Controllers

二、 数据控制方的联系方式

The legal entities responsible for the collection and use of your Personal Data (the “Data Controllers”) in your home country for the purposes described in this Notice are contained in the attached General Data Protection Notice.

在您所在国家出于本通知所述目的负责收集和使用您的个人数据的法人实体(“数据控制方”)包含在附件中 通用数据保护通知

III. Contact details of the Data Protection Officer

三、 数据保护官的联系方式

A Data Protection Officer (“DPO”) is designated for each legal entity where required by applicable law. The DPO is involved in all issues related to the protection of your Personal Data. In particular, the DPO is in charge of monitoring and ensuring compliance with this Notice and the applicable data protection laws. For any comments or questions you may have regarding this Notice, please contact the ZF Group Coordinator for data protection, who is also the DPO of ZF Friedrichshafen AG, Ms. Silke Wolf, at the following address:

根据适用法律的要求,为每个法人实体指定数据保护官 ("DPO")。DPO 参与与您个人数据保护相关的所有事项。特别是,DPO 负责监督并确保遵守本通知和适用的数据保护法律。如果您对本通知有任何意见或疑问,请联系采埃孚集团数据保护协调员——同时也是采埃孚股份公司的 DPO——Silke Wolf 女士,地址如下:

Silke Wolf

ZF Friedrichshafen AG

Corporate Headquarters / ZF Forum

Löwentaler Straße 20

88046 Friedrichshafen

Germany

德国

You may also contact the ZF Group Coordinator for data protection by e-mail under dataprotection@zf.com.

您也可以通过电子邮件联系采埃孚集团数据保护协调员,地址:dataprotection@zf.com。

IV. Categories of Personal Data processed

四、 所处理的个人数据类别

We process the following Personal Data for a number of business purposes that we list further below:

出于诸多业务目的,我们处理以下方面的个人数据:

• Contact information of customers and business partners’ contact persons, such as first name, family name, address, email address, phone number, fax number, company name, job title, function, department, management level, line manager;

• 客户和业务合作伙伴联系人的联系信息,如姓名、地址、电子邮件地址、电话号码、传真号码、公司名称、职称、职能、部门、管理级别、直线经理;

• Contract information of consumers (provided they are end-use customers) including financial data such as bank account information, creditworthiness, terms of payment and financing; and

• 消费者的合同信息(前提是他们是最终客户),包括银行账户信息、信誉、支付条款和筹资等财务数据,以及

financing; and

• Data from an end-use customer’s vehicle consisting of the vehicle identification number (VIN), the license plate number, as well as transmission records related to individual driving.

The Personal Data processed is limited to the data necessary for carrying out the business purpose for which such Personal Data is collected. ZF will maintain Personal Data in a manner that ensures it is accurate, complete and up-to-date.

来自最终客户车辆的数据,包括车辆识别号 (VIN),车牌号以及与个人驾驶相关的传输记录。

ZF will collect the Personal Data as a general rule directly from the Data Subject. However, in line with legal provisions, data may also be collected from third parties. In particular, this applies to data regarding an end-use customer’s vehicle in the event that automotive manufacturers return to ZF products that have been sold to them to be incorporated in their vehicles.

处理的个人数据仅限于执行业务目的所必须收集的数据。采埃孚在个人数据维护方面确保其准确性、完整性且保持最新状态。

V. Purposes of data processing and legal bases

五、 数据处理的目的及法律依据

ZF processes Personal Data in accordance with applicable data protection laws and regulations and only for limited, explicit and legitimate purposes. ZF will not use Personal Data for any purpose that is incompatible with the original purpose for which it was collected unless you provide your prior explicit consent for further use.

采埃孚根据适用的数据保护法律和法规处理个人数据,仅用于有限、明确和合法的目的。采埃孚不会将个人数据用于与其收集的原始目的不相容的任何目的,除非您事先明确同意进一步的使用。

Personal Data relating to customers and business partners may be processed for the purposes of:

与客户和业务合作伙伴相关的个人数据可能会被处理以用于:

• Managing commercial relationships and strategies with current and potential customers as well as business partners such as vendors and suppliers;

• 管理与现有和潜在客户以及供应商等业务合作伙伴的商业关系和战略;

• Carrying out promotional and marketing operations;

• 开展宣传和营销活动;

• Managing ZF’s external accounting, tax and treasury systems;

• 管理采埃孚的外部会计、税务和财务系统;

• Managing ZF’s IT customer relationship and service operations;

• 管理采埃孚的 IT 客户关系和服务运营;

• Conducting quality audits, assessments and complaint management;

• 进行质量审核、评估和投诉管理;

• Managing product research and development (“R&D”); and

• 管理产品研发(“R&D”);以及

• Product support and maintenance, failure diagnostic and identification of fault patterns.

• 产品支持和维护、故障诊断和故障模式识别。

The legal bases for the purposes listed above are the underlying contract with a customer or business partner, the request of a Data Subject in a pre-contractual situation allowing ZF to take steps prior to entering into a contract, or applicable legal provisions, e.g. the Tax Code or the Product Liability Act. Further, Personal Data of our customers and business partners (including their contact persons and sales representatives) will be processed for the purposes of ZF’s legitimate business interests consisting of customer relationship management, quality assurance, complaints management, marketing and promotional activities and only as long as ZF’s legitimate interests are not overridden by the Data Subject’s interests or fundamental rights and freedoms or if Data Subjects have given their consent to do so.

上述目的的法律依据是与客户或业务合作伙伴签订的基本合同,签订合同前数据主体允许采埃孚在签订合同之前采取措施的请求,或适用的法律规定,例如:税法或产品责任法。此外,我们的客户和业务合作伙伴(包括其联系人和销售代表)的个人数据将被处理,处理目的为采埃孚的合法商业利益,包括客户关系管理、质量保证、投诉管理、营销和促销活动,并且前提是采埃孚的合法利益不会被数据主体的利益或基本权利和自由所推翻,或已经取得数据主体的同意。

ZF ensures that our internal governance procedures clearly specify the reasons behind decisions to use Personal Data for alternative processing purposes. Prior to using your personal data for a purpose other than the one for which it was initially collected, you will be informed about such new purpose.

采埃孚确保我们的内部管理程序明确说明将个人数据用于其它处理目的的决策原因。如果要将您的个人数据用于最初收集目的以外的目的,则您将事先被告知此新目的。

VI. Data Security

六、 数据安全

ZF has implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, such risk analysis includes an analysis of the risk of compromising the rights of the Data Subject, costs of implementation, and the nature, scope, context and purposes for data processing.

采埃孚实施了适当的技术和组织措施,以确保适合相应风险的安全级别,此类风险分析包括分析数据主体权利受损风险、实施成本以及数据处理的性质、范围、背景和目的。

The measures include

措施包括

(i) encryption of personal data where applicable/appropriate;

(一)适用/适当的情况下加密个人数据;

(ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

(二)有能力确保处理系统和服务的持续机密性、完整性、可用性和适应性;

(iii) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and

(三)有能力在发生物理或技术事故时及时恢复个人数据的可用性和访问;以及

(iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

(四)实施流程,以定期测试和评估技术和组织措施的有效性从而确保处理的安全性。

VII. Recipients of Personal Data

七、 个人资料的接收者

VII. Recipients of Personal Data

ZF Friedrichshafen AG is the corporate headquarter of the ZF Group. Due to shared corporate IT systems within the ZF Group and because of the international nature of our business, Personal Data collected and processed by ZF Friedrichshafen AG and its subsidiaries (“ZF legal entities”) can be shared with or accessed by other ZF legal entities of the ZF Group for the purposes above. A data transfer to ZF legal entities outside of the EU will only occur under the provisions for international data transfers laid out in Section VIII of this Notice (see below). An overview of the ZF legal entities that are part of the ZF Group can be found at:

采埃孚股份公司是采埃孚集团的企业总部。由于采埃孚集团内部共享的企业 IT 系统以及我们业务的国际性,出于上述目的,采埃孚股份公司及其子公司(“采埃孚法人实体”)收集和处理的个人数据可与其他采埃孚法人实体共享或共享访问权。向欧盟以外的采埃孚法人实体进行数据传输只能根据本通知第八部分规定的国际数据传输规定进行(见下文)。可以在此找到属于采埃孚集团的采埃孚法人实体概览:

https://www.zf.com/locations

Collected Personal Data will only be transferred to carefully selected data processors acting on the basis of ZF’s instructions to comply with the applicable legal and contractual obligations. ZF will only grant access to Personal Data on a need-to-know basis, and such access will be limited to the Personal Data that is necessary to perform the function for which such access is granted. Authorization to access Personal Data will always be linked to the function so that no authorization will be extended to access Personal Data on a personal basis. Service providers and other data processors will only receive Personal Data according to the purposes of the service agreement with ZF.

收集的个人数据只会根据采埃孚在遵守适用的法律和合同义务方面的指示转移到精心挑选的数据处理者。采埃孚仅在需要知道的情况下授予对个人数据的访问权限,并且此类访问将仅限于执行授予职能所必需的个人数据。针对个人数据访问的授权将始终与相应职能相关联,不会扩大至个人名义的访问。服务提供商和其他数据处理者只可根据与采埃孚所签订服务协议中说明的目的接收个人数据。

VIII. International data transfers

八、 国际数据传输

International data transfers refer to transfers of Personal Data outside of the European Economic Area (“EEA”). The international footprint of ZF involves the transfer of Personal Data to and from other group companies or third parties, which may be located outside the EEA, including the United States of America. ZF will ensure that Personal Data is

国际数据传输是指在欧洲经济区 ("EEA") 之外的个人数据传输。采埃孚的国际活动涉及向其他集团公司或第三方转移个人数据,这些公司或第三方可能位于欧洲经济区以外,包括美利坚合众国。采埃孚将确保根据欧盟委员会的规范将个人数据传输到具有足够数据保护标准的国家/地区。或者,数据仅在实施适当的保护措施后转移,以充分保护个人数据并确保此类数据传输符合适用的数据保护法律。采埃孚所实施的数据传输协议基于欧盟模式条款,以覆盖国际数据传输。可以联系采埃孚集团数据保护协调员以获得这些协议的副本(参见上文第三部分)。

IX. Retention of Personal Data

九、 保留个人数据

ZF will not retain your Personal Data for longer than is allowed under the applicable data protection laws and regulations or for longer than is justified for the purposes for which it was originally collected. As a general rule, collected data will be deleted as soon as there no longer exists a business relationship with the customer/business partner or in the event of communication inactivity for the duration of a period of 2 years. However, collected data may be subject to retention requirements pursuant to applicable legal provisions. In other cases, Personal Data may be stored and retained for as long as the statutory period of limitations with regards to legal claims against ZF has not expired.

采埃孚对您个人数据保留的时间不会超过适用的数据保护法律和法规所允许的时间,也不会超过其最初收集目的所需的合理时间。一般情况下,一旦与客户/业务合作伙伴不再存在业务关系,或者在 2 年内没有通讯交流的情况下,收集的数据将被删除。但是,根据适用的法规,收集的数据可能需要遵守保留要求。在其他情况下,只要与针对采埃孚的法律要求相关的法定时效尚未过期,就可以存储和保留个人数据。

X. Data protection rights

十、 数据保护权利

Under applicable data protection laws, you will benefit from the following rights. You can exercise these rights at any time by contacting the ZF Group Coordinator for data protection (see Section III. above):

根据适用的数据保护法,您享受以下权利。您可以随时联系采埃孚集团数据保护协调员,以行使这些权利(参见上文第三部分):

• Right to access to, rectification and erasure of Personal Data;

• 访问、纠正和删除个人数据的权利;

• Right to restriction of processing;

• 限制处理的权利;

• Right of data portability to the extent applicable;

• 适用范围内的数据转移权利;

• Right to withdraw consent where the processing is based on consent;

• 在需要同意才能进行处理的情况下撤销同意的权利;

• Right to lodge a complaint with the supervisory authority and

• 向监管机构提出投诉的权利以及

• Right to object to processing.

• 反对处理的权利。

XI. Notice Compliance and Contact Information

十一、 通知合规性和联系信息

Monitoring and ensuring compliance of the Personal Data processing within ZF with this Notice and applicable data protection laws and regulations is the responsibility of the ZF Group Coordinator for data protection and of your local DPO, where applicable.

采埃孚集团数据保护协调员和您当地的 DPO(如果适用)负责监控并确保采埃孚内部的个人数据处理符合本通知和适用的数据保护法律和法规。

You may contact the ZF Group Coordinator for data protection with regard to any issue related to processing of your Personal Data and to exercise your rights as mentioned above.

就任何与您个人数据处理相关的事项,您都可以联系采埃孚集团数据保护协调员,以行使您上述的权利。

XII. Miscellaneous

十二、 其他

This Notice will be effective as of 25 May 2018 and will be applicable to ZF (see Section I. above for a precise definition of the scope).

本通知自 2018 年 5 月 25 日起生效,适用于采埃孚(有关范围的精确定义,请参见上文第一部分)。

This Notice may be revised and amended from time to time and appropriate notice about any amendments will be given.

本通知可能会不时修订和修改,并会对有关任何修改进行适当的通知。

ZF is allowed to adapt the text of this Notice only in order to be compliant with local legislation by means of an addendum attached to this Notice. In case of any discrepancies between this Notice and a specific local addendum made in accordance with local law, the terms of the latter will prevail.

只有在为了符合当地立法的情况下,采埃孚才被允许对本通知文本进行调整,调整形式为给本通知加上附录。

如果本通知与根据当地法律制定的特定当地附录之间存在任何差异,则以后者的条款为准。

Download PDF