Please select your location and preferred language where available.
Privacy Policy
You are on one of the websites belonging to KIOXIA Europe GmbH (“KIE” “we”, “us”, “our”). Thank you for your interest in our company, our offers, and our products, and thank you also for visiting our websites. We respect the privacy of every person and protecting your personal data is a matter of great importance to us. In this Privacy Policy, we explain: how we handle your personal data, i.e. the purpose of its processing; which processing operations are optional, i.e. processing only carried out with your consent; which processing operations are essential, i.e. processing that can take place without your consent; the specific legal basis on which processing is carried out, and the specific rights and claims to which you are entitled.
We would like to point out that this Privacy Policy applies to the website https://europe.kioxia.com/ and the subpages of this website (collectively referred to as “websites”). The statements made in this Privacy Policy also apply to us, insofar as it concerns certain specified data processing operations that are not connected with the websites, as well as to the group companies affiliated with us and – where applicable – to third-party providers. For more detailed information on the areas of application of the statements contained herein, please refer to the relevant sections (see below).
However, the statements made in this Privacy Policy do not apply to the websites of other providers that are linked on our websites or embedded therein (II. 4.). We have no influence over the ability of these providers to comply with the relevant data protection provisions. This Privacy Policy does not therefore apply to your activities on social network websites or those of other external providers, irrespective of whether you access them via links contained on our websites. Please read up on the data protection provisions listed on the websites of these providers.
This Privacy Policy only applies to your activities on our websites, your use of our virtual exhibition stands, the application process, competitions and prize draws organised by us, and the sharing of personal data for commissioned data processing. The sections below also contain information on the processing of personal data which might take place outside the EU / EEA.
A. Controller within the meaning of the GDPR
KIOXIA Europe GmbH
Hansaallee 181
40549 Düsseldorf
Germany
KIE-privacy@kioxia.com
B. Data protection officer and contact options
If you have any questions about this Privacy Policy or you would like to exercise your rights described in this Privacy Policy (E. Rights of the data subject), please contact our data protection officer at the following email address:
KIOXIA Europe GmbH
Data protection officer
Dr Sebastian Kraska
KIE-privacy@kioxia.com
C. Handling personal data
Below we would like to provide you with information about how we handle your personal data. First we would like to describe the purposes of such usage in abstract terms (I.) so that we can then explain in more detail how the websites are used (II.) as well as careers at KIOXIA Europe GmbH (III.), trade fairs (IV.), competitions and prize draws (V.), sharing of personal data for commissioned data processing (VI.), and processing of personal data outside the EU / EEA (VII.) as individual processing operations.
I. Possible purposes of use
Where we collect your personal data without your consent when you visit our websites, we will use it to ensure the functionality of our websites and also to protect our IT systems against attacks and other illegal activities. More information on these processing operations is provided below.
Where you provide us with other personal data, for example, when registering, in a chat, contact form, survey, competition/prize draw, or to execute a contract, we will use this data for the respective purposes, for the purposes of customer management, and – if necessary – for the processing and billing of business transactions, in the scope required for such actions. More information on these processing operations is provided below.
For other purposes (for example, display of personalised contents or advertising based on your usage behaviour), we and potentially selected third parties will use your personal data if you have given us your consent (= prior agreement) to do so through our consent management system (cookie settings). You can change these settings at any time using the button “Cookie Settings” which appears at the footer of every page of our websites. More information on these processing operations is provided below.
We will also use personal data if we are required to do so by law (for example, storage for the fulfilment of commercial or tax law retention obligations, release in accordance with official or court orders, for example, to a law enforcement agency). More information on these processing operations is provided below.
II. Using our websites
Below we would like to explain in detail the various usage options of our websites. We will also explain the types of personal data to be processed – and under which prerequisites.
1. Calling up our websites
When you call up our websites, your browser automatically transfers certain data to our web server in order to provide you with the information you have called up. In order to make your visit to our website possible, the following data is collected, (temporarily) stored, and used:
IP address
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of request (specific page)
Operating system and its access status / HTTP status code
Volume of data transmitted
Website from which the request originates
Browser, language and version of browser software
2. Using cookies
When you call up our websites, so-called cookies are used and as a result certain personal data is processed.
a) What are cookies?
A cookie is a small text file that is sent by the website to your device in order to record various information, for example, language settings. Cookies are stored on your device via your browser. This way, they can be sent to the websites when you visit them again in order to enable or improve their use.
b) Which cookies do we use?
The cookies that we use can basically be split into two categories: Firstly, we have strictly necessary cookies – which are vital to the operation of our websites, are automatically set when you visit one of our sites, and do not require your consent (2c) –, and secondly, we have optional cookies (2d).
Optional cookies can in turn be split into subcategories (2d), namely analysis cookies (aa), personalisation cookies (bb), and advertising cookies (cc).
Furthermore, we process your personal data for example whenever you use our contact form (3) and enter personal data in it, and also through external services and contents on our websites (4). Refer to the explanations below for detailed information about all of these processes.
In order to improve our websites and the services we offer on them, and also to be able to give you a more enjoyable and more personalised user experience, we or third parties may use cookies, so-called web beacons, and similar technologies to track and analyse your activities.
A web beacon is a small transparent image in GIF format that is embedded in an HTML page or an email and used to track when this HTML page or email was displayed.
You can decide whether to allow us or third parties to set cookies that are not essential to the functioning of the websites. You can give this consent via the cookie banner or you can subsequently grant or at any time change or revoke your consent via the cookie settings in the footer of the individual websites.
These types of cookies are optional and it is up to the user to decide whether they want to opt in, opt out, or withdraw their consent at a later date (2d). The optional cookies that we use – as mentioned above – can be split into the subcategories analysis cookies, personalisation cookies, and advertising cookies.
Below you will find a definition of the various categories of cookies, followed by a list of all of the cookies that we use:
c) Strictly necessary cookies
These cookies perform essential tasks for using our websites. Our websites do not work correctly without them. In turn, this means that their use does not require the prior consent of the user. Where strictly necessary cookies are used, and these cannot be removed. Strictly necessary cookies may also be generated at the time you call up our websites. Use of our websites is not possible if you wish to prevent the use of cookies.
Below you will find a list of strictly necessary cookies used on our websites, which in turn are divided into first-party cookies and third-party cookies, as well as further information about these cookies.
This information is organised as shown in the following example:
Name of the provider:
Name of the cookie (storage length) |
Description of the cookie |
---|
First-party cookies:
inquiryToken (0 days) |
This cookie is used to prevent cyberattacks via the inquiry form. It does not contain any information that would identify users. |
---|---|
Eupubconsent (364 days) |
This cookie used by the IAB Europe Transparency & Consent Framework in order to save user consent for data collection. The cookie contains an encrypted consent string that providers participating in the framework can read and determine user consent. |
OptanonConsent (364 days) |
This cookie is used by the cookie compliance solution from OneTrust. It saves information about the cookie categories used by the websites and about whether users have given or revoked their consent regarding use of the individual categories. This enables website operators to prevent the setting of specific cookie categories in the user’s browser if said user has not given their consent. The cookie has a normal lifetime of one year, so that returning visitors to the websites can remember their preferences. It does not contain any information that could be used to identify the website visitor. |
OptanonAlertBoxClosed (364 days) |
This cookie is used by websites that use certain versions of the OneTrust solution for compliance with laws that are applicable to cookies. It is set after the visitor is shown a cookie notice, and in some cases, only when they actively close this notice. It ensures that the visitor is only shown this notice once when they call up the website. The cookie does not contain any personal information. |
d) Optional cookies
Cookies that are not essential to the functionality of the websites, but instead also collect data for other purposes, are called optional cookies. These cookies allow us to track your navigation on our websites and visualise the associated services. In the process, we may transfer your IP address to third parties in order to collect statistical data about usage of our websites. Such data helps us with the design of the websites and planning our server structure. Optional cookies can be used, for example, for analysis, personalisation, or advertising purposes.
Optional cookies may only be used if a relevant legal basis exists; the prior consent of the user (your consent) is usually given in such cases.
A legal basis is generally also required for strictly necessary cookies. Here, however, the legal basis already exists in the necessity (of setting the cookie) for the operation of the websites.
- aa) Analysis cookies
These cookies collect information about the websites you visit.
They collect information about how visitors use our websites, e.g. which pages they visit the most and whether they receive error messages on these pages.
Below you will find a list of the analysis cookies contained on our websites:
First-party cookies:
s_sq (session) |
Adobe Site Catalyst cookie, stores information about the previous link clicked within the site. |
---|---|
s_cc (session) |
Adobe Site Catalyst cookie determines whether Adobe Analytics cookies are activated in the browser. |
gpv_Page (0 days) |
This cookie collects information in order to measure how you use our websites. This includes both the visited websites belonging to us and the links the user clicked on whilst there (Adobe Analytics site tracking). |
AMCVS_C897366E5AF310550A495E0C%40AdobeOrg (session) |
This is a pattern type cookie name associated with Adobe Marketing Cloud. It stores a unique visitor identifier and uses an organisation identifier. |
Test AMCV_COOKIE_WRITE (session) |
This is a pattern type cookie name associated with Adobe Marketing Cloud. It stores a unique visitor identifier and uses an organisation identifier. |
AMCV_C897366E5AF310550A495E0C%40AdobeOrg (730 days) |
This is a pattern type cookie name associated with Adobe Marketing Cloud. It stores a unique visitor identifier and uses an organisation identifier to allow a company to track users across their domains and services. |
Third-party cookies:
Dpm.demdex.net:
Dpm (180 days) |
This domain is the property of Adobe Audience Manager. The main task of the cookie is to create online profiles for targeted marketing. However, KIOXIA will not use this cookie for targeted marketing; it will only be used for analytical purposes. |
---|
- bb) Personalisation cookies
These cookies enable us to provide enhanced functionality and personalisation of our websites. The cookies can be used by us or third-party providers whose services we have included on our websites. If you do not permit the use of these cookies, some or all of these services may not work properly.
We do not use any personalisation cookies on our websites at present.
- cc) Advertising cookies
These cookies can be used by our advertising partners via our websites; these are therefore only third-party cookies. Third-party providers may use these cookies to build a profile of your interests and show you relevant adverts on other sites. If you do not consent to the use of these cookies, you will receive less targeted advertising.
Below you will find a list of the advertising cookies contained on our websites:
Third-party cookies:
Everesttech.net:
everest_g_v2 (730 days) |
This domain is the property of Adobe. This cookie is used for advertising purposes. |
---|---|
everest_session_v2 (session) |
This domain is the property of Adobe. This cookie is used for advertising purposes. |
Demdex.net:
Demdex (180 days) |
This cookie helps Adobe Audience Manager perform basic functions such as visitor identification, ID synchronisation, segmentation, modelling, reporting, etc. |
---|
Youtube.com:
YSC (session) |
YouTube is a Google-owned platform for hosting and sharing videos. YouTube compiles user data through videos embedded in websites, which add to the profile data from other Google services, to show visitor-oriented advertising on the net in a wide range of their own and other sites. |
---|---|
VISITOR_INFO1_LIVE (180 days) |
This cookie is used as a unique identifier to track viewing of videos. |
TESTCOOKIESENABLED (0 days) |
This cookie is made from YouTube. The main business activity is: Advertising. |
VISITOR_PRIVACY_METADATA (179 days) |
YouTube is a Google-owned platform for hosting and sharing videos. YouTube collects user data through videos embedded in websites, which is aggregated with profile data from other Google services in order to display targeted advertising to web visitors across a broad range of their own and other websites. |
Google.com:
NID (182 days) |
This domain is owned by Google Inc. Although Google is primarily known as a search engine, the company provides a diverse range of products and services. Its main source of revenue however, is advertising. Google tracks users ex-tensively both through its own products and sites, and the numerous technologies embedded into many millions of websites around the world. It uses the data gathered from most of these services to profile the interests of web users and sell advertising space to organisations based on such interest profiles as well as aligning adverts to the content on the pages where its customer's adverts appear. |
---|
3. Use of the contact form
- You can contact us directly using the contact forms provided on our websites. In particular, you can communicate the following information to us:
- First and last name, salutation
- Country
- Contact details (e.g. email address, telephone number, address)
- Message
We ask that you do not enter any sensitive personal data in your message, in particular special category personal data within the meaning of Art. 9 GDPR (e.g. political opinions, health data, etc.).
The personal data you enter in the contact form will only be processed by us, our affiliated group companies, and/or third-party providers, whose involvement is necessary to answer and/or process your query. Processing only takes place in countries with an adequate level of data protection as deemed by the EU Commission. Processing is usually restricted to our group companies in Germany and Japan. The personal data you enter is processed in order to answer your query, to provide you with additional information, or to fulfil a purpose specified in this Privacy Policy. We, our affiliated group companies, and/or third-party providers may respond to you – depending on the nature of your query – by email, letter, phone, or fax.
Please note that we, our affiliated group companies, and/or third parties commissioned by us must have access to the (personal) data that you enter in such cases in order to be able to contact you.
The personal data you enter in the contact form will only be used by us, our affiliated group companies, and/or third parties commissioned by us for processing or answering your query and for sending additional information or for fulfilling another purpose specified in this Privacy Policy.
4. Inclusion of external services and contents of third-party providers
- a) General information
We have integrated external services or content of third-party providers into some of our websites. Whenever you use these services, communication data is automatically exchanged between you and the respective provider.
It may also be the case that the (third-party) provider of the respective services or content processes your data for its own, alternative purposes. We have configured services or content from providers that are known to use data for their own purposes to the best of our knowledge and belief in such a way that there is no communication for purposes other than for display of the content or services on our website or that communication only takes place if you actively decide to use the service. Since we have no influence on the data collected by third parties and how they process it, we are unable to give definitive information about the purpose and scope of the processing of your data.
Further information about the purpose and scope of the collection and processing of your data can therefore be found in the data protection notice of the respective data protection-compliant provider of the services or content integrated by us.
- b) Youtube.com
We use the platform YouTube.com to upload our own videos and make them publicly accessible. YouTube.com is a website from an unaffiliated third-party provider, namely YouTube LLC.
For information about the rationale for using the processing operations described in this section, please go to: D – Legal basis for processing.
Some of our websites contain links to contents on YouTube.com or they feature contents of YouTube.com that are directly embedded. The general rule applies that we are not responsible for the contents from websites whose links are integrated on our sites if such contents were not originally created by us. In the event that you follow a link to YouTube.com, we would like to point out that YouTube stores the data of its users (e.g. personal information, IP address) in accordance with its own data privacy policy and may use it for business purposes. We have no influence over how your personal data is used or processed on YouTube.com.
We directly integrate videos stored on YouTube on some of our websites. This involves displaying videos contained on YouTube.com in subareas of the browser window. However, these videos are only played by clicking on the respective subarea of the browser window. This technique is also called “framing”.
Whenever you visit one of our websites that displays videos on YouTube.com in this integrated form, a connection to the YouTube servers is established as soon as you call up the website.
YouTube content is integrated only in “privacy-enhanced mode”. This is provided by YouTube itself, thus ensuring that YouTube does not initially store any cookies on your device. However, when you call up the relevant pages, the IP address and potentially even additional data will be transmitted. This information cannot be assigned to you, however, unless you have logged in to YouTube or another Google service before calling up the page or unless you are permanently logged in.
As soon as you start playing an embedded video by clicking on it, YouTube will only save cookies on your device, which do not contain any personally identifiable data, due to the privacy-enhanced mode, unless you are currently logged in to a Google service. These cookies can be prevented through appropriate browser settings and extensions.
Link to the privacy policy of YouTube LLC: https://policies.google.com/privacy
- c) (Other) social media
In addition to embedded YouTube videos, our websites also contain links (social media buttons) to various social media channels (social media, e.g. Facebook and LinkedIn). By clicking on these social media buttons, you are taken to the sphere of the respective provider.
We would therefore again like to point out that we have no influence over the provider’s compliance with data protection provisions. You should therefore pay special attention to the data protection provisions of the respective provider.
III. Guarantee and quality complaints
We collect and store personal data that you voluntarily provide to us in order to assert a warranty claim or exercise one of your statutory warranty rights.
Please read the following information carefully if you send any storage products to us for the purpose of exchange and/or internal fault analysis. The third-party providers listed below receive storage products for the purpose of exchange and/or internal fault analysis:
StorRepair GmbH, Businesspark Untermain, Nordring 53-55, 63843 Niedernberg, Germany
Foundever B.V. & Co. KG, Roffhausener Landstraße 18D, 26419 Schortens, Germany
KIOXIA Corporation, 1-21, Shibaura 3-Chome, Minato-ku, Tokyo, 108-0023, Japan
Toshiba Information Equipment Philippines, Inc., 103 East Main Avenue Extension, Special Export Processing Zone, Laguna Technopark, Binan City, Laguna, Philippines
If a storage product is not sent to and/or from one of the companies specified above for the purpose of internal fault analysis, it will be destroyed by the above-mentioned StorRepair GmbH. When performing fault analysis services on the storage product, we cannot rule out that we or the above-mentioned companies will have access to the data stored on it (including personal data).
We therefore ask you – where possible – to completely delete all of your data from the storage products before you send them to us for exchange and / or internal fault analysis.
If this is not possible, sensitive personal data, in particular special category personal data within the meaning of Art. 9 (1) GDPR (e.g. data about racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual orientation, or health data), may be processed, depending on what you have saved on your storage product.
In order to process sensitive personal data – even if we want to simply display such data when performing the internal fault analysis – we require the express consent of the data subjects.
As we cannot tell in advance which types of data are saved on your storage device, we need to obtain your consent before we start the internal fault analysis. This is to ensure compliance with data protection requirements in the event that special category personal data is processed. And this takes place in a separate process when your storage products are provided to us.
Regarding the processing of personal data not considered special category personal data within the meaning of Art. 9 GDPR, this personal data can also be regularly processed without the data subject’s consent. Generally speaking, we need your personal data in order to fulfil our contractual or legal obligations towards you. It is also in our legitimate interests to use your personal data as outlined so that we can provide the best possible fault analysis services. In turn, this can help us improve our products on a continuous basis and avoid detected defects going forward. Since – as described above – we cannot rule out the possibility that your storage product will contain sensitive personal data within the meaning of Article 9 (1) GDPR, we require your express consent in order to perform internal fault analysis services.
If your storage product contains third-party personal data, you must ensure that permission has been given to transfer this data to us and that we or one of the above-mentioned companies are allowed to process this data in order to perform the internal fault analysis. You can do so, for example, by obtaining the relevant consent from the data subject if this concerns their sensitive personal data. You also have the option of course of deleting any data contained on your storage media before you send the storage product to us.
IV. Applying to KIOXIA Europe GmbH
We offer various channels if you want to send your application to us. Below we would like to explain to you the data protection implications of using the respective channels.
For clarification: Applications usually contain special category personal data within the meaning of Art. 9 GDPR (e.g. details about a person’s civil status which might reveal information about their sex life or sexual orientation; health data may also be included, e.g. a photo e.g. indicating a person’s eyesight; a photo may also indicate your religious convictions or similarly sensitive information within the meaning of Article 9 GDPR). Such an application may only be processed therefore on the basis of your express and informed consent.
- Applying to us by email
If you apply to us by email, we will ask for your consent regarding the processing of your personal data – which may also include the processing of special category personal data within the meaning of Art. 9 GDPR. The declaration of consent contains a comprehensive explanation of the data protection implications of your application. The sole purpose of obtaining your consent is to be able to consider your application in the given form. - Applying to us by post
We welcome applications in digital form, rather than by post. - Applying to us via a recruitment agency
If you apply to us via a recruitment agency, they will ask you to carefully read through our declaration of consent form and sign it, if you are happy to give your consent, so that we can then consider your application. We will not be able to process your application for data protection reasons without the relevant declaration of consent – the recruitment agency will not be permitted to forward your application as a result. If – despite the fact that you have not given your consent – your application is still forwarded, we will ensure that it is deleted immediately. For your application to be considered, we would ask for your prior consent and also that you resend your application. - Applying to us via our website
If you apply to us via our website, you will be able to access a job advertisement in the form of a PDF document. The email address for sending your application is specified in this document. In this case, the application process also takes place without any personal data entered on our websites. The applicant is referred to the application via email on our corresponding subpage. The information under 1) applies when you submit the application documents by email.
Unfortunately, for data protection reasons, we cannot accept applications that are sent to us through other channels.
V. Trade fairs
In the context of trade fairs – particularly those organised digitally – your personal data is regularly processed by the respective fair organisers / fair operators, including their service providers. With respect to the type of processing operations, we refer you to the privacy policies of these fair organisers / fair operators, including their service providers.
However, we also regularly process your personal data (e.g. storing your contact details), in this case, your name, your email address, your position/job description and – if applicable – your phone number. We will only carry out this type of processing if we have received your consent within the meaning of Art. 6 (1) (a) GDPR in the context of the trade fair or in advance. This is done for the purpose of making contact following the trade fair.
VI. Contact via email
If you contact us directly by email, we ask that you do not enter any sensitive personal data in your email, in particular special category personal data within the meaning of Art. 9 GDPR (e.g. political opinions, health data, etc.).
The personal data you send to us in your email will only be processed by us, our affiliated group companies, and/or third-party providers, whose involvement is necessary to answer and/or process your query. Processing only takes place in countries with an adequate level of data protection as deemed by the EU Commission (this is usually limited to our group companies in Japan). The personal data you enter is processed in order to answer your query, to provide you with additional information, or to fulfil a purpose specified in this Privacy Policy. We, our affiliated group companies, and/or third-party providers, whose involvement is necessary to answer and/or process your query, may respond to you by email – depending on the nature of your query.
Please note that we, our affiliated companies, and/or third parties commissioned by us must have access to the (personal data) that you enter in such cases in order to be able to contact you.
The personal data entered in the email will only be used in order to achieve the above-mentioned purpose or to fulfil some other purpose outlined in this Privacy Policy.
VII. Competitions
From time to time, KIE may participate in competitions or organise competitions themselves.
In the event that we as the competition organiser process personal data, we will only save this data for the duration of the statutory retention periods (in particular in accordance with the German Commercial Code (HGB) and Tax Code (AO)) and to the extent necessary to establish the legal relationship with the participant and for the subsequent performance and management of the competitions. Once the justification for storing the personal data no longer applies, we will ensure that this data is deleted.
- Depending on the competition – e.g. how it is designed – a selection of the following personal data will be saved:
- 1. Postal address and/or
- 2. Email address of the participant in order to notify them if they win and/or send them their prize,
- 3. Their telephone number in order to ensure as far as possible that they can be contacted if incorrect data is entered by mistake,
- 4. And the participant’s date of birth in order to verify their age.
Depending on the competition, the above data may be shared with third parties who provide services in relation to the competition on our behalf.
Where such a third party is based in a third country, appropriate measures will be taken (in particular, conclusion of a contract for commissioned data processing and use of EU standard contractual clauses, etc.) to ensure that the rights of the participant as a data subject are protected.
In the event that the delivery or provision of certain prizes is processed via third parties, we will forward – only in the scope required – the contact details of the winner (i.e. personal data) to the respective cooperation partner so that the prizes can be delivered.
VIII. Sharing of personal data for commissioned processing in accordance with Art. 28 GDPR
In order to process your personal data, we use specialised service providers in some cases (for example, refer to VII. Competitions). We carefully select and regularly check our service providers. They only process personal data on our behalf and strictly in accordance with our instructions on the basis of corresponding order processing contracts within the meaning of Art. 28 GDPR.
IX. Processing of personal data outside the EU / EEA
Your personal data will in part also be processed in countries outside the European Union (“EU”) or the European Economic Area (“EEA”). Some of these countries generally have a lower data protection level than in Europe or the equivalence of the data protection level has at least not yet been recognised by the EU Commission in an adequacy decision. In such cases, we will ensure (e.g. by concluding specific agreements) that a sufficient level of protection is provided for your personal data or we will ask for your explicit consent. We transfer, for example, your personal data to countries for which an adequacy decision of the EU Commission does not yet exist, e.g. USA or Philippines. The countries in the above example are therefore third countries without a (recognised) appropriate level of data protection according to European data protection requirements.
In order to reduce the risks associated with such transfers for your personal data, we have concluded model contracts for data transfers to countries outside the EEA (standard contractual clauses (SCCs)) and also taken further precautions where appropriate. In doing so, we are upholding our statutory and regulatory commitments with regard to personal data. These include in particular the existence of a relevant legal basis for the transfer of personal data and the implementation of appropriate security measures that guarantee an adequate level of protection of this data. You have the right to request a copy of the model contracts concluded by us.
Furthermore, we naturally take into account the principle of data minimisation as a valuable asset – for all processing operations of personal data. We therefore always try to minimise the quantity of personal data where possible. In addition, we have concluded order processing contracts with processors – both within and outside the EEA – to ensure a high standard with respect to data protection.
We will therefore transmit your personal data from the EEA to third countries, i.e. countries outside the EEA, only under certain circumstances. Here, the prerequisites follow from the classification of third countries into different categories.
Third countries can be divided into two categories as follows:
- 1. The first category includes third countries that offer an adequate level of data protection as deemed by the EU Commission. As things stand, these include, among others, Canada, Switzerland, Japan, and New Zealand. For an up-to-date and complete list of the countries subject to an adequacy decision, please visit the website of the EU Commission at the following link: Adequacy decisions | European Commission (europa.eu). Under these circumstances, the transfers of personal data do not require any specific authorisation.
- 2. The second category includes third countries that do not offer an adequate level of data protection according to the EU Commission.
It may be the case that an adequacy decision has not yet been issued because the EU Commission has not yet checked the data protection level of the relevant country.
However, it may also be the case that an assessment of levels of data protection has been to the country's disadvantage. For example, according the EU Commission, the USA does not currently offer an adequate level of data protection (so-called “Schrems II” decision: C-311/18).
For transfers to third countries of the second category, we ensure the necessary security so that an adequate level of data protection can be achieved for your personal data.
D. Legal basis for processing
Below we list the legal basis, including examples, on which we rely in the context of the processing of personal data.
Where you have given us your consent to the processing of your personal data, this represents the legal basis for its processing (Art. 6 (1) (a) GDPR). This applies in particular to the processing of special category personal data within the meaning of Art. 9 GDPR.
Such processing operations are possible, for example, when performing the internal fault analysis (see III) and also during the application process (see IV).
At this juncture, we would like to point out for the sole purpose of clarification that the processing operations in cases where consent represents the only legal basis will not be performed without the effective prior consent of the relevant party.
For the processing of personal data in order to initiate or fulfil a contract, in most cases Art. 6 (1) (b) GDPR serves as the legal basis. This includes, for example, the initiation or conclusion of purchase contracts, service contracts, and guarantee contracts.
Where the processing of your personal data is required in order to fulfil our legal obligations (e.g. retention of data), Art. 6 (1) (c) GDPR usually serves as the legal basis. For example, this may include retention obligations under fiscal and commercial law.
We also process personal data for the purpose of safeguarding our legitimate interests and those of third parties in accordance with Art. 6 (1) (f) GDPR. Examples of such legitimate interests include maintaining the functionality of our IT systems and the legally required documentation of business contacts. As part of the consideration of interests required in each case, we take into account various aspects, in particular the type of personal data, the purpose of processing, the circumstances of processing, and your interest in the confidentiality of your personal data.
There is another example where we process personal data for a limited period in order to safeguard our legitimate interests: We collect personal data in order to identify the perpetrators in the event of unauthorised accesses or attempted accesses of local servers. In this case, too, we expressly rely upon Art. 6 (1) (f) GDPR.
Such processing operations are possible, for example, in the context of embedded YouTube videos (see. II 4. b)).
In this case, the legitimate interest in hosting the videos on the external platform of a third-party provider is to save bandwidth. Hosting the videos on our servers would mean considerable extra effort in terms of website hosting.
Furthermore, for the sake of clarification, we would like to point out at this juncture that you have the right to object in all cases in which Art. 6 (1) (f) represents the legal basis for the processing operations in accordance with Art. 21 (1) GDPR (see F.).
E. Deleting your personal data
We will delete your personal data as soon as the purpose for which we collected it in the first place no longer applies. Beyond this time period, data storage will only take place to the extent necessary by legislation, regulations, or other legal provisions to which we are subject in the EU or by legal provisions in third countries (if an adequacy decision of the EU Commission exists for the respective country). Where deletion is not possible in individual cases, measures will be taken in order to attempt to restrict the processing of relevant personal data going forward.
F. Your rights as a data subject
As a data subject, you have the following rights in relation to the personal data concerning you that we have processed or are processing based on the data protection laws currently in place:
- You have the right in accordance with Art. 15 GDPR to request information about the personal data we process concerning you. In particular, you can request information about the individual purposes of the processing, the respective categories of personal data, the respective categories of recipient to whom your data has been or will be disclosed, the planned storage period, the right to rectification, erasure, restriction of processing or objection, the existence of the right to complain, the source of the personal data, if not collected by us, and the existence of automated decision-making including profiling and, where appropriate, meaningful information about the details of same;
- You have the right in accordance with Art. 16 GDPR to request the immediate correction or completion of incorrect or incomplete personal data stored with us;
- You have the right in accordance with Art. 17 GDPR to request the deletion of your personal data stored with us where the legal requirements are met;
- You have the right in accordance with Art. 18 GDPR to request the restriction of your personal data where the legal requirements are met;
- You have the right in accordance with Art. 20 GDPR to receive the personal data you provided to us in a structured, standard, and machine-readable format, or to request transmission to another controller;
- You have the right in accordance with Art. 7 (3) GDPR to revoke your previous consent to us at any time. As a result of this, we are then no longer permitted to continue data processing that was based exclusively on this consent;
- You have the right in accordance with Art. 77 GDPR to submit a complaint to a data protection supervisory authority with respect to the processing of your personal data by us.
- You have the right in accordance with Art. 21 GDPR, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is carried out on the basis of Art. 6 (1) (e or f) GDPR.
In order to exercise the above-mentioned rights, please contact
KIOXIA Europe GmbH
Data protection officer
Dr Sebastian Kraska
KIE-privacy@kioxia.com
G. Security
Protecting your personal data is a matter of great importance to us. We are therefore committed to protecting the personal data we process against access by unauthorised persons as well as against loss, destruction, and manipulation. In order to achieve this objective, we take appropriate technical and organisational security measures, which are continuously updated and improved in line with technological developments.
H. Amending the Privacy Policy
As we can change the way in which we collect and process your personal data, we reserve the right to amend this Privacy Policy from time to time and update it in accordance with actual developments. Updated versions of this Privacy Policy will be published on our website at this point, stating the date of amendment. We therefore recommend that you regularly check the Privacy Policy in order to learn about possible amendments or updates to the Policy in relation to the processing of your personal data.
Last change: 08.08.2024