Advectus Privacy Notice
for Business Partners
Advectus processes information of its business partners, such as customers, suppliers, vendors and partners, which constitutes personal data and considers the protection of personal data a very important matter. Therefore, Advectus processes such personal data in compliance with the applicable laws on data protection and data security.
Please note: If you intend to provide us with personal data about other individuals (e.g. your colleagues), you must provide a copy of this Advectus Privacy Notice for Business Partners to the relevant individuals, directly or through their employer.
1. Who is responsible for the processing of my personal data?
The responsibility for the processing of your personal data lies with Advectus Solutions Limited, Suite 1108, Tower 2, Silvercord, 30 Canton Road, TST, Kowloon, Hong Kong, phone: +1.480.451.0181, firstname.lastname@example.org, and/or one of its subsidiaries listed in the Appendix attached at the end of this Privacy Notice (“Advectus”, “we” or “us”).
The individual responsibility depends on which of the Advectus entities processes personal data as a controller (i.e. alone or jointly with others, determines the purposes and means of the processing of personal data).
For further information on the controller role, please contact Advectus under to contact details outlined in sec. 8 below.
2. How can I contact the European representative of Advectus?
You can contact the European representative of Advectus under:
Advectus Solutions Germany GmbH
Gebaeude 64.07, Buero 2-18
81379 Munich, Germany
3. What information does Advectus have about you?
Information Advectus may have about you may either be directly provided by you, by our business partners (i.e. the legal entity for whom you work), by third parties, such as sales representatives, suppliers or vendors, or be obtained through trusted publicly available sources, such as integrity databases, credit agencies or websites. We may collect various types of personal data about you, including:
- Contact information, such as full name, work address, function, telephone number, mobile phone number, fax number and email address;
- Payment data, such as data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers, VAT or other tax identification numbers and other related billing information;
- Identification data where required for the purpose of delivering our products or services, such as login, access right, passwords, IP address, online identifiers/cookies, logs, access and connection times, image recording or sound such as badge pictures, CCTV or voice recordings;
- Further information necessarily processed in the context of a contractual relationship with Advectus or voluntarily provided by business partners, such as placed orders, services rendered or project milestones achieved, or data provide by you, for example when interacting with us, or answering questions during a conversation or in a survey; and
- Legally required information for business partner compliance screenings, information about relevant and significant litigation or other legal proceedings against business partners.
4. For which purposes does Advectus use your personal data and why is this justified?
4.1 Legal basis for the processing of your personal data
We will not process your personal data if we do not have a proper justification foreseen in the applicable data protection law for that purpose. Therefore, we will only process your personal data if:
- We have obtained your prior consent;
- The processing is necessary to perform our contractual obligations in the context of the business relationship with you or to take pre-contractual steps at your request;
- The processing is necessary to comply with our legal or regulatory obligations; or
- The processing is necessary for the purposes of the legitimate interests and does unreasonably affect your interests or fundamental rights and freedoms.
Please note that, when processing your personal data based on legitimate interests, we always seek to maintain a balance between the legitimate interests and your privacy.
Examples of such ‘legitimate interests’ are data processing activities performed to:
- Develop a proximity and trustful professional relationship with and provide knowledge to our business partners;
- Promote innovation in the field of technology platforms, such as for Enterprise Resource Planning (ERP);
- Manage Advectus human and financial resources and optimize the interactions with our business partners;
- Benefit from cost-effective services (e.g. we may opt to use certain platforms offered by suppliers to process data);
- Prevent fraud or criminal activity, misuses of our products or services as well as the security of our IT systems, architecture and networks;
- Sell any part of our business or its assets or to enable the acquisition of all or part of our business or assets by a third party; and
- Meet our corporate and social responsibility objectives.
You can obtain further information on legitimate interests involved upon an express request by contacting Advectus under the contact details outlined in sec. 8 below.
In the context of the business relationship with Advectus, we always process your personal data for a specific purpose and only process the personal data, which is relevant to achieve that purpose.
In particular, we process the personal data we may have about you for the following purposes:
- Communicating with business partners about products, services and projects of Advectus or business partners, e.g. by responding to inquiries or requests and provide appropriate, adequate and updated information about our products or services;
- Planning, performing and managing the (contractual) relationship with business partners, e.g. by performing transactions and orders of products or services, processing payments, performing accounting, auditing, billing and collection activities, arranging shipments and deliveries, facilitating repairs and providing training and support services;
- Improving the quality of our interactions by adapting our products or services to your specific needs, e.g. by administrating and performing customer surveys, marketing campaigns, market analysis, sweepstakes, contests, or other promotional activities or events;
- Managing our IT resources, including infrastructure management and business continuity, e.g. by granting access to our service, training and support platforms;
- Maintaining and protecting the security of our products or services, e.g. by preventing and detecting security threats, fraud or other criminal or malicious activities;
- Ensuring compliance with legal obligations (such as record keeping obligations), business partner compliance screening obligations (to prevent white-collar or money laundering crimes), and Advectus policies or industry standards; and
- Tracking our activities or activities of sales representatives, e.g. by measuring interactions or sales, number of appointments/calls;
- Resolving disputes, enforcing our contractual agreements and establishing, exercising or defending legal claims.
- Managing mergers and acquisitions involving our company;
5. Who has access to your personal data and to whom are they transferred?
In the course of our activities and for the same purposes as those listed in this Privacy Notice, your personal data may be accessed by or transferred to the following categories of recipients, on a need to know basis to achieve such purposes:
- Our personnel (including personnel, departments or other companies of the Advectus group);
- Our independent sales representatives, such as agents or brokers;
- Our suppliers and services providers that provide products or services to us;
- Our IT systems providers, cloud service providers, database providers and consultants;
- Our business partners who offer products or services jointly with us or with our subsidiaries or affiliates;
- Our escrow agents who store our software source code for the benefit of customers;
- Any third party to whom we assign or novate any of our rights or obligations.
The above third parties are contractually obliged to protect the confidentiality and security of your personal data, in compliance with the applicable data protection laws.
Your personal data can also be accessed by or transferred to any national and/or international regulatory, enforcement, public body or court, where we are required to do so by applicable law or regulation or at their request.
The personal data we collect from you may also be processed, accessed or stored in a country outside the country where Advectus is located, which may not offer the same level of protection of personal data.
If we transfer your personal data to external companies in other jurisdictions, we will make sure to protect your personal data by:
(i) Applying the level of data protection required by applicable data protection laws, e.g. by implementing appropriate safeguards, such as EU Standard Contractual Clauses approved by the European Commission or adequacy decision by the European Commission, when transferring personal data to third countries within the framework of the applicability of the EU General Data Protection Regulation (GDPR); and
(ii) Acting in accordance with Advectus’ internal policies and standards.
You can obtain further information on the transfer of your personal data and the applied safeguards upon an express request by contacting Advectus under the contact details outlined in sec. 8 below.
6. Am I obliged to provide my personal data?
In the context of the business relationship with Advectus, you are obliged to provide such personal data, which are required for commencing, executing and terminating the business relationship with you as well as for compliance with the associated contractual obligations. Without these personal data, we will generally not be able to enter into an agreement with your employer as our business partner, to perform the requested services under such an agreement or to terminate it.
7. How long does Advectus store your personal data?
We will only retain your personal data for as long as necessary to fulfill the purpose for which they were collected or to comply with legal or regulatory requirements (such as tax or commercial law).
8. What are your rights and how can you exercise them?
You may exercise the following data protection rights under the conditions and within the limits set forth in the applicable data protection laws:
- The right to access your personal data as processed by us and, if you believe that any information relating to you is incorrect, obsolete or incomplete, to request its correction or updating;
- The right to request the erasure of your personal data or the restriction thereof to specific categories of processing;
- The right to withdraw your consent at any time, without affecting the lawfulness of the processing before such withdrawal;
- The right to object, on grounds relating to your particular situation, in whole or in part, to the processing of your personal data;
- The right to object at any time to the processing of your personal data used for any direct marketing purposes;
- The right to request the portability of your personal data by receiving the personal data you provided to us in a structured, commonly used, and machine-readable format or transmitting those data to another controller; and
- The right to appeal to a competent data protection supervisory authority.
If you have a question or want to exercise your data protection rights, you may contact us by sending us an email to email@example.com or a letter at:
Advectus Solutions Limited
PO Box 18850
Fountain Hills, AZ 85269
9. How will you be informed of the changes to our Privacy Notice?
Any future changes or additions to the processing of your personal data as described in this Privacy Notice will be notified to you in advance through an individual notice or through our usual communication channels (e.g. by email or via our internet websites).