With the following information, we give you an overview of the processing of personal data by us and the rights that data subjects can assert against us. Which data are processed in detail and how they are used depends largely on the object or purpose of our contact. Therefore not all parts of this information will apply to you.
Responsible in accordance with Art. 4 (7) of the General Data Protection Regulation (GDPR) is
Hitachi Solutions Europe Limited
11th Floor, Tower 42, 25 Old Broad Street
EC2N 1HQ London
+44 203 198 5136
The contact details of our Data Protection Officer are:
Hitachi Solutions Europe Limited
+44 (0) 203 198 5136
We process personal data that we receive from our customers or their authorised representatives or interested parties within the scope of our business relationship. These data can be:
In addition, we process personal data that we have obtained from publicly accessible sources (e.g. commercial register, press, media or Internet) in a permissible manner and whose processing complies with the law.
We process personal data in accordance with the provisions of the GDPR (General Data Protection Regulation) and the DPA (Data Protection Act 2018) and all other relevant laws:
1. to implement our contractual relationships (Art. 6 (1) letter b GDPR)
The processing of data is carried out to provide our services and commercial transactions within the framework of customer contracts or to carry out pre-contractual measures which are carried out on request. The purposes of the data processing are generally based on the subject matter of the contract and may also include, among other things, demand analyses and consultation.
2. as part of the balancing of interests (Art. 6 (1) letter f GDPR)
As far as necessary, we process data to protect legitimate interests. Examples of this are the assertion of legal claims and defence in the event of legal disputes, guaranteeing IT security and our IT system, checking and optimising procedures for analysing requirements for the purpose of directly addressing customers, measures for building and plant security (e.g. access controls) or measures for business management and the further development of services and products.
3. on the basis of legal requirements (Art. 6 (1) letter c GDPR)
We are subject to various legal obligations. These include in particular the fulfilment of fiscal control and reporting obligations
4. on the basis of consent (Article 6 (1) letter a GDPR)
As far as we have received consent to process personal data for specific purposes, the lawfulness of the processing on this basis is given. A given consent can be revoked at any time for the future. The declaration is possible informally.
Within our company, those departments receive access to personal data which they need to fulfil our contractual and legal obligations. Service providers and vicarious agents employed by us may also receive data for these purposes, provided they maintain confidentiality and comply with our data protection instructions.
With regard to the passing on of data outside our company, we strictly observe the secrecy law regarding all data of our customers and interested parties. We are allowed to pass on information if we are obliged to provide information by legal regulations or if we have consented to this. Service providers commissioned by us must also ensure compliance with confidentiality and the provisions of the GDPR. These are above all service providers for data medium destruction, EDP/IT support and maintenance service providers, legal advisers, payment transaction service providers and tax consultants.
A data transfer to countries outside the European Union or the European Economic Area – so-called third countries – takes place only within the group and/or as far as this is necessary or legally prescribed for the execution of our orders (e.g. tax reporting obligations), if we have your consent or in the context of an order processing.
If necessary, in individual cases, personal data will be transferred to an IT service provider in a third country to guarantee our IT operations. If the service provider is used in a third country, the appropriate level of data protection is guaranteed by the conclusion of the EU standard contract clauses.
Our customer relationship processes are software-supported. All European units of Hitachi Solutions use a common tool: Microsoft Dynamics 365 Sales. Data processing within the meaning of section 4.1 takes place here (pre-contractual measures).
Access by our European units (including access from third countries as defined in the GDPR) is controlled by an authorization concept.
For Great Britain applies:
We use Microsoft Dynamics 365 Sales in conjunction with the following tools:
Microsoft Co-sell opportunities: Part of a Microsoft portal where sales opportunities are entered in order to provide customers with the best possible advice This portal is used to make agreements on sales opportunities directly with the manufacturer Microsoft. First name, surname, e-mail address and telephone number are processed.
We process and store data as long as it is necessary for the fulfilment of our contractual or legal obligations.
If the data is no longer necessary for the fulfilment of contractual or legal obligations, it is regularly deleted, unless its temporary further processing is necessary to fulfil commercial or tax law storage obligations. The periods of retention or documentation are usually between 2 and 10 years. In these cases, after the end of the processing purpose, the processing as such will be restricted in such a way that only the purpose of storage from the laws mentioned as examples can be achieved.
Every data subject has the right of
In addition, there is a right of appeal to the Information Commissioner. Should a data subject make use of these rights, we will check whether the legal requirements for this are fulfilled.
Consent to the processing of personal data can be revoked at any time. This also applies to declarations of consent issued to us prior to the validity of the GDPR – i.e. prior to 25.05.2018. It should be noted here that a revocation is only effective for the future. Processing that took place before the revocation remains unaffected.
Within the framework of a business relationship with our company, those personal data are to be provided which are necessary for the initiation, execution and termination of a business relationship and for the fulfilment of the associated obligations or which we are legally obliged to collect. Without this data, it is generally not possible for us to conclude, execute or terminate a contract.
Our business operations require that data be collected and processed. Data protection and data security must be guaranteed wherever data is collected and processed. This is more than just a legal requirement for us.
If you require information that is not included in this transparency information, we can be reached via the contact information mentioned at the beginning.
Information on your right of objection under Art. 21 GDPR
You have the right to object at any time, for reasons arising from your individual situation, to the processing of personal data concerning you, which is carried out on the basis of Art. 6 (1) letter f of the GDPR (data processing based on a balancing of interests).
If you object, we will no longer process your personal data, unless we can prove that there are compelling, justified reasons for processing that outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims
In individual cases we process your personal data in order to carry out direct advertising. You have the right to object at any time to the processing of your personal data for the purpose of such advertising.
If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes.
The objection can be made in any form with the subject "Objection", stating your name and address, and should be sent to
Hitachi Solutions Europe Limited
11th Floor, Tower 42,
25 Old Broad Street