German Business Partners - English
Privacy notice for suppliers, customers, service providers and other business partners of 中文AV Europe GmbH
For 中文AV Europe GmbH (hereinafter 鈥淥贰笔鈥) the protection of your personal data and your privacy is an important concern. The purpose of this privacy notice is to inform you which personal data of our suppliers, customers, service providers, consultants and other (potential) business partners or their contact persons (hereinafter collectively 鈥渂usiness partners鈥) we process and which rights you are entitled to in accordance with Regulation (EU) 2016/679 (EU General Data Protection Regulation 鈥 鈥淕顿笔搁鈥) and the Federal Data Protection Act with regard to the processing of your personal data.
1. Responsibility for the processing of personal data
中文AV Europe GmbH, Neue Mainzer Str. 84, 60311 Frankfurt am Main, Germany, is the controller for the processing of your personal data for the purposes set out under Section 3. Some processing activities are carried out under joint control with OEP Capital Advisors L.P., 330 N. Wabash Ave., Suite 3750, Chicago, IL 60611, US (鈥淥EP US鈥), OEP Master B.V., 2Amsterdam 鈥 Eduard van Beinumstraat 30, 1077 CZ Amsterdam, Netherlands (鈥淥EP NL鈥) and OEP Italy S.R.L., Via Alessandro Manzoni 38, 20121 Milano, Italy (鈥淥EP Italy鈥). For more information on processing under joint control with OEP US, OEP NL and OEP Italy please refer to Section 10.
2. Personal data processed
We process the following categories of personal data of our business partners:
- Professional contact and organisational data (e.g. name, title, business address, business telephone number and email address, job title/position, bank details if necessary);
- Communications data (content and traffic data, particularly emails);
- Information that is contained in contracts, communication and other documentation relating to M&A transactions, investments and other deals which we obtain in the course of such deals, in particular about persons related to the relevant target company and its business dealings or who are otherwise involved in such deal, e.g. employees or business partners (e.g. share/asset purchase agreements with names, signatures, dates of birth, residential addresses and tax identification numbers of the parties鈥 representatives);
- Other information that you provide to us or that we become aware of in the course of our business relationship and communications.
3. Purposes of the processing
We process your personal data for the following purposes:
- Managing the receipt of goods (e.g. IT equipment and consumables) and services (e.g. consultancy services);
- Management, optimisation and processing of our business relationships (including the performance of our contracts) with our business partners as well as the initiation or establishment of new business relations;
- Prevention and investigation of fraud or other criminal activities;
- Security of our IT systems, architecture and networks;
- Compliance with legal obligations of OEP and other companies of the OEP Group (including compliance with orders of public authorities) as well as for legal and tax advice.
4. Legal basis of the processing
We process your personal data on the basis of the following legal grounds:
- for the performance of the contract concluded with you or in order to take steps at your request prior to entering into a contract (Article 6 para. 1 lit. b GDPR);
- to comply with legal obligations to which we are subject (e.g. to comply with tax obligations; Article 6 para. 1 lit. c GDPR); and
- to the extent the processing is necessary for the purposes of legitimate interests pursued by us or a third party and these interests are not overridden by your interests or fundamental rights and freedoms (Article 6 para. 1 lit. f GDPR), in particular to enable cooperation with other companies within the OEP Group, to maintain and safeguard business operations and company processes, to protect OEP and our employees, to perform contracts with a business partner with whom you are employed, to improve our services and identify new ways to develop and grow our business, and to establish, exercise or defend legal claims.
5. Recipients of the personal data
We will transfer your personal data to the following categories of recipients and grant them access to the extent necessary in each case and, where necessary, on the basis of a data processing agreement concluded between us and the recipient:
- Employees of OEP;
- Other companies of the OEP Group;
- Technical service providers (particularly IT system providers and cloud service providers);
- Legal and tax consulting firms;
- Courts and other public authorities;
- Third parties in the event of any contemplated or actual reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or part of the business or assets of OEP (including any insolvency or similar proceedings), if applicable; and
- Other third parties and service providers, to the extent this is necessary in individual cases.
6. Place of processing of personal data
Your personal data will be processed within the European Union (鈥淓U鈥) and the European Economic Area (鈥淓EA鈥) as well as outside the EU/EEA in so-called third countries by the parties specified in Section 5, in particular by service providers in the UK and the USA. In doing so, we take into account contractual confidentiality and non-disclosure obligations as well as the applicable data protection laws. We will not disclose your personal data to parties who are not authorized to process them.
Please note that there may be differences with regard to the applicable data protection laws between the respective member states of the EU/EEA and all other countries. The level of protection of personal data, especially when processed outside the EU/EEA, may therefore be lower than within the Federal Republic of Germany. If processing takes place outside the EU or EEA, we will ensure that the recipient of your personal data guarantees an adequate level of protection (in particular by participating in the so-called EU-U.S. Data Privacy Framework or by concluding the so-called EU standard contractual clauses with us and, if necessary, by implementing additional protective measures).
7. Data sources
We process personal data that we have received in the course of our business relationship from you, the company that employs you, other business partners or third parties, or from publicly accessible sources.
8. Retention periods
We store your personal data only as long as it is necessary for the purpose pursued with the respective processing and as long as we are legally obliged to store it (e.g. due to retention obligations under commercial or tax law).
9. Rights of the data subject
Under the applicable data protection laws and provided that the relevant statutory prerequisites are met, you as a data subject have various rights against any controller, e.g. a right to request from us access to your personal data. Furthermore, these rights may include a right to rectification, erasure or restriction of processing as well as the right to data portability.
Where we process your data on the basis of the legitimate interests of OEP or a third party, you have the right to object to such processing on grounds relating to your particular situation at any time. In this case, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
You can exercise these rights by sending a request to Dunja Mauser, who can be contacted by email at dunja.mauser@oneequity.com.
Furthermore, you have the right to lodge a complaint about the processing of your personal data with the competent data protection authority.
10. Specifics in case of processing under joint control with OEP US, OEP NL and OEP Italy
For the following processing operations concerning you, we determine the purposes and means of the processing jointly with OEP US, OEP NL and OEP Italy and therefore act as so-called joint controllers:
- Document management on a shared data storage: To the extent necessary to ensure efficient handling of business processes, customer needs related to the investments of the OEP Group and other needs of OEP Group鈥檚 business partners (in particular to perform contracts with you or a business partner with whom you are employed, to enable cooperation with other companies within the OEP Group, and to operate and administer our portfolio companies and other investments), OEP, OEP NL, OEP US and OEP Italy store files/documents which may also include personal data of their business partners on shared data storages which their respective relevant employees can access. These files may include, for example, AML certifications and ESG reviews of the OEP Group鈥檚 portfolio companies and further documents related to the management of these companies.
This joint control is based on contractual agreements between OEP US, OEP NL, OEP Italy and us which determine who fulfills which obligation under the GDPR in each case. Under the GDPR, we are required to make the essence of these joint controllership agreements available to you: we have stipulated that the processing operations mentioned above are subject to joint control and that each party is responsible for the lawfulness of its respective data processing. The information obligations are fulfilled by each OEP, OEP US, OEP NL and OEP Italy towards their business partners. For this reason, you receive this privacy notice with respect to joint controllership from us. In addition, we, OEP US, OEP NL and OEP Italy will promptly inform and assist each other to the extent necessary to respond to data subject requests. The data subject鈥檚 rights set forth in Section 9 above also apply without limitation with respect to the processing operations that are carried out under joint control with OEP US, OEP NL and OEP Italy. In this respect, you can exercise your data subject rights both towards us and towards OEP US, OEP NL or OEP Italy. As a data subject, you will generally be provided with the information from the controller you have contacted to exercise your rights. You can reach (i) OEP US at the address above or by email via dora.stojka@oneequity.com, (ii) OEP NL and OEP Italy at the respective addresses above or by email via dunja.mauser@oneequity.com.
This privacy policy was last updated in June 2024.