Privacy Statement – Supplier Relationships
1. Introduction
This privacy notice explains how we at Rejlers process your personal data (“data”) in relation to our current and potential supplier and subcontractor relationships as well as procurement activities, and outlines your rights regarding this data. As data controller, we are responsible for ensuring your data is processed legally. We want you to be informed and feel safe.
2. What personal data do we process?
The personal data we handle may vary based on whether the supplier is a company or an individual, and the type of delivery they provide us. Here’s what we may process:
• Contact and identification details such as name, address, email address, phone number, organization, job title and social security number;
• Marketing preferences;
• Communication data exchanged between you and us;
• Financial information such as bank account details, tax ID and other payment-related information;
• Data required by us or our end-customers for on-site work such as registration number, age, employment information, health and safety information, competencies and certifications, as well as access rights and logs; and
• Other relevant business relationship information to support various business functions, compliance, and operational needs, such as meeting attendance, IT and security data, insurance and liability data, risk assessments, performance and evaluation data including audit and inspection reports, and feedback and surveys.
3. How do we collect your personal data?
Personal data is collected directly from the supplier or its representative during a business relationship. Information about external employees is usually obtained from the company that employs them. We may also collect data from marketing or subscription requests, authorities, official registries and databases, professional networks, referrals, recommenders and other reliable external sources.
4. Why do we process your personal data?
We process your data where this is needed to maintain effective business relationships, ensure operational efficiency and comply with legal obligations. The following outlines the primary legal purposes for which we process data.
Contract: We process data to establish, manage, and fulfill contracts with our business partners. This includes, for example, placing orders, managing deliveries and requirements related to on-site presence, monitoring performance, and handling payments. Data is also used for handling inquiries and supplier requirements, resolving claims, and fulfilling supplier due diligence.
Legitimate Interest: We process data to develop and market our business, monitor performance, facilitate communication outside contracts, manage incidents, organize events, seminars and trainings as well as otherwise manage the supplier or subcontractor relationship. This processing ensures compliance with legal obligations and maintains operational safety, security and efficiency. We make sure that processing based on legitimate interest is fair and meets your reasonable expectations.
Legal Obligation: Local laws may require us to fulfill other legal obligations or disclose data to authorities. For example, accounting, audit, tax, labour, environmental and data protection laws and standards require us to keep records of our business activities.
Consent: We may process personal data based on your consent for specific purposes, such as newsletter subscriptions. You are not required to provide consent or personal data, and you can withdraw your consent at any time.
5. Who has access to your personal data?
We do not sell or disclose data to third parties without a legal basis. We may share data with trusted service providers such as IT and cloud service providers, marketing and communication agencies, legal and professional advisors, health and safety consultants, logistics and courier services as well as payment processors, financial institutions and data analytics and research firms. We may also share your data with commercial partners as needed for contractual reasons. These service providers and third parties only process your data according to our instructions and for the purposes mentioned in this privacy notice. We ensure that shared data is adequately protected and that recipients are bound by contracts with sufficient data protection terms.
Furthermore, our employees may have access to your data on a need-to-know basis to perform their job duties. We may share your data with our affiliates to support business operations, streamline processes, ensure consistency across the organization, or for other purposes mentioned in this notice.
Data may also be disclosed to authorities or other third parties if required by applicable law or enforceable official requests.
6. How long do we keep your personal data?
We keep your data only as long as necessary for its processing purpose or as required by applicable law, such as tax and accounting laws as well as statutes of limitations. Below is a list we apply as a guideline on how long we store your data:
Data provided in the following contexts | Retention period |
---|---|
Contractual and procurement data | 10 years from expiry of last contractual obligation |
Financial and accounting records | 7-10 years, depending on applicable tax and financial regulations |
Health and safety data | 5-10 years after the completion of a project or the end of supplier’s engagement |
Legal and compliance data | For the duration of any relevant legal requirement plus an additional period to cover potential claims or disputes |
Marketing and communication data | For the duration of your consent |
Supplier performance and evaluation data | For the duration of the supplier relationship and 3-5 years after its ending |
On-site access and security data | 6 months to 2 years |
Supplier employee data | As long as necessary to fulfil the purpose for which it was collected, typically 1-2 years after the end of supplier’s engagement |
We may also keep your data longer if needed for legal reasons, such as claims, litigation, or internal investigations.
After this period, we delete or anonymize your data.
7. How do we protect your personal data?
We consider personal integrity a top priority and actively strive to keep your data safe. We take all reasonably expected technical and organizational measures to ensure that data is processed securely and protected from loss, accidental destruction, misuse, and unauthorized access or alteration in accordance with this privacy notice and the General Data Protection Regulation (GDPR), as well as other applicable legislation.
We protect our digital databases with firewalls, antivirus software, encrypted connections, and other standard security measures. Physical materials are stored in secure locations that unauthorized people do not have access to. Only our authorized employees who need to handle your data for their job can access it, and they do so in accordance with our instructions.
We transfer your data to service providers outside the EU/EEA only when necessary for the technical and practical implementation of data processing, such as when a service provider operates outside these areas. In such cases, we make sure they have appropriate safeguards and data protection measures in place.
8. Your rights
According to data protection legislation, you as a data subject have the right to:
• Request information about how we process your data;
• Access your data;
• Request that your data is corrected, amended or updated;
• Request deletion of data or restriction of processing;
• Withdraw consent (if processing is based on consent); as well as
• Request your data in a machine-readable format and transfer it to another controller.
The applicability and extent of the above-mentioned rights are determined on a case-by-case basis in accordance with applicable data protection legislation. You can exercise these rights by contacting us (details in Section 9). We may need to verify your identity before processing your request.
Please note that if we comply with your request to withdraw consent or restrict or delete personal data, you may no longer be able to receive services that you previously received, ordered, or requested.
If you feel that the processing of your data is not done legally, you have the right to file a complaint with the supervisory authority as per the table below.
Country | Competent authority | Contact details |
---|---|---|
Sweden | Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten) | imy@imy.se +46 (0)8 657 61 00 |
Finland | Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto) | tietosuoja@om.fi +358 (0)29 566 6777 |
Norway | Norwegian Data Protection Authority (Datatilsynet) | postkasse@datatilsynet.no +47 22 39 69 00 |
9. Contact information
For any questions or concerns about your data, please contact us using the details below:
Country | Contact details |
---|---|
Sweden | dataskyddsgruppen@rejlers.se +46 771 78 00 00 |
Finland | tietosuoja@rejlers.fi +358 207 520 700 |
Norway | kontakt@rejlers.no +47 22 33 66 33 |
10. Changes
We may at our sole discretion update this privacy notice occasionally. The latest version will always be available on our website. We’ll notify you of significant changes via email or by updating the notice on our site.