1.1. For which purposes are we processing your personal data?
In order to provide TA/UTAX FM services as agreed, TA processes your personal data to the purposes listed below. TA does process your personal data for marketing purposes.
- Billing and supply management. TA processes contact information (e.g. name, email address) to organize the supply of products and services as agreed (e.g. the delivery of toner) and to invoice these services.
User account management. TA has obtained your name and email address either directly from you or indirectly from a TA customer (probably your employer) so that we can set-up and manage a user account for you.
Device management. Configuration and maintenance of the device, security settings, asset management, general administrative tasks (such as adding and removing devices).
Remote access. In individual cases and after the user’s specific acceptance, log files with device and personal data are created and sent to the TA/UTAX FM server and used for the purpose of remote maintenance of that particular device. In case a TA service engineer may have access to the device address book during a remote maintenance session, no information shall be stored from the address book.
Quality improvement. Device data, including IP-address and serial number of the device, are used for improving the quality and reliability of the device and consumables as well as system and network scalability. TA anonymizes personal data before conducting the data analysis.
1.2. On what legal basis are we processing your personal data?
TA only processes personal data in accordance with the principles provided by the Regulation (EU) 2016/679 General Data Protection Regulation.
Regarding purpose (A) TA has a legitimate interest according to Article 6(1)(f) GDPR to have a specific contact person so that TA can deliver the agreed services to its customers – most likely your employer.
For purposes (B) – (D) we are acting as a data processor and TA’s customer – as data controller – is responsible to demonstrate the legal basis for these processing purposes.
Regarding purpose (E), the data processing is within TA’s legitimate interests according to Article 6(1)(f) GDPR for TA to assess and improve the reliability, quality and performance of the system and customers’ devices.
We have made a careful assessment of your fundamental rights and freedoms and our legitimate business interests and are continuously monitoring the balance. Should you however wish to object to the processing of your personal data please see the section ‘Your rights’ below.
1.3. Who are we sharing your personal data with?
In order to provide TA/UTAX FM services as agreed, TA uses third party service providers which may access your personal data. Below you find a list of 3rd parties with which and for what purposes TA shares your personal data. Your personal information shall only be shared with:
- KYOCERA Document Solutions Europe B.V. (Netherlands) for the purpose of user account management and quality improvement;
- KYOCERA Document Solutions Inc. (Japan) for the purpose of quality improvement and managing the hosting of the TA/UTAX FM platform and data;
- The external TA/UTAX FM hosting provider in the Netherlands (Microsoft Azure region West-Europe);
- External service providers for the provision of agreed TA/UTAX FM services and the purpose of quality improvement of TA products and services. A list of appointed service providers can be found here.
- To the extent we are required by law, regulation or court order to disclose your personal data, we may have to share your personal data in compliance with that law, regulation, or court order.
1.4. International transfers
Where we transfer (see above to whom we are sharing your personal data with) your personal data to a service provider which is based in a country that does not provide an adequate level of protection by domestic law according to the European Commission, we have ensured this adequate level of protection by agreeing on additional appropriate safeguards with that group company or third party through the conclusion of Standard Contractual Clauses as adopted by the European Commission. A list of countries that have ensured an adequate level of protection according to the European Commission can be found here. You may request a copy of the Standard Contractual Clauses by sending us an email.
Alternatively, we may ask you for your explicit consent to the proposed transfer.
1.5. For how long de we keep your personal data?
Where possible, we have set specific retention periods for keeping your personal data. These specific retention periods are stated below, or we shall communicate these to you at or before we start processing your personal data.
Where it is not possible for us to use set retention periods, we have stated below the criteria that we use to determine the retention periods.
Specific retention periods
- Billing and supply management: Any (personal) information related to this purpose, e.g. invoices, shall be kept for a period of 6 years (business information) or 10 years (accounting information).
- User account management: We shall keep your personal information related to your user account as long as you have an active user account with us. Inactive user accounts shall be erased after one year of last use. There is no obligation for you from our side to have your account set-up; if you don’t log in for the first time within 30 days of creation of the account, we shall erase it. You may always request us to delete your user account. In that instance, we shall erase your user account within 30 days after your request. Your personal data may be 4 stored after the deletion of your account in our back-up systems and will automatically be deleted after 35 days.
- Device management and remote access: We will delete TA/UTAX FM logs and the usage history including audit and email logs after 70 days of their creation.
- Quality improvement: Device data, including IP-addresses and serial number, are deleted once the device is removed from TA/UTAX FM.
Criteria for determining retention periods
In any other circumstances, we use the following criteria to determine the applicable retention period:
- The assessment of your fundamental rights and freedoms;
- The purpose(s) of processing your personal data. We shall not keep your personal data longer than is necessary for the purpose(s) we collected it for.
- Any relevant industry practices or codes of conduct on keeping personal data;
- The level of risk and cost associated with keeping your personal data (accurate and up-to-date);
- Whether we have a valid lawful basis to keep your personal data;
- The nature, scope and context of processing of your personal data and our relationship with you;
- Any other relevant circumstances that may apply.
In any case, we shall keep your personal data in compliance with applicable legal requirements and we make periodical reviews of the personal data we hold.
1.6. Which technical and organizational measures we have taken
We take the security of your personal data very seriously and take all reasonable efforts to protect your personal data from loss, misuse, theft, unauthorized access, disclosure or modification.
In our continuous efforts to achieve excellence we acquired the ISO/IEC 27017 certification, which certification
ensures additional information security controls applicable to the provision of TA/UTAX FM. For further information we refer you to the TA/UTAX Security Whitepaper.
1.7. Your rights
You have certain legal rights that we wish to inform you of. The processing of personal data is necessary to achieve the above mentioned purposes for TA to comply with its contractual obligations towards its customers. In the event you should demand from TA to delete your personal data, substitute contact details should be provided so that TA can provide TA/UTAX FM as agreed. As a Data Processor, TA is obliged to liaise with the Data Controller before realizing your request.
Access: You have the right to be informed on whether we process your personal information or not and to related information on that processing.
Rectification: You have the right to have your personal information rectified or completed by us without undue delay. If you have set up an account with us, you have the possibility to rectify or complete your personal information yourself.
Right to be forgotten: You have the right to have your personal information erased by us without undue delay. This right is limited to specific grounds, for example if you have withdrawn your consent, or if you object and there are no overriding legitimate grounds for us to maintain the processing. If you have an account with us, you have the option to erase your personal data yourself, in which case all your personal data is permanently deleted. In order to prevent that the user account will be deactivated, alternative contact details shall be provided.
Restriction of processing: You have the right to request that we restrict the processing of your personal information based on specific grounds. These are (1) the time for us to verify the accuracy of your personal information on your request; (2) instead of erasure of unlawful processing, you request restriction of use instead; (3) you need personal information in legal proceedings; or (4) we are verifying whether our legitimate grounds override your objection to the processing.
Right to object: You have the right to object at any time to our processing of your personal information if such processing is (1) based on our legitimate interest (including us making a profile of you based on your consent); (2) for direct marketing purposes; or (3) necessary for the performance of a task carried out in the public interest or exercise of official authority vested in us. We shall cease to process your personal information based on your objection, unless we demonstrate compelling legitimate grounds overriding your interests, rights and freedoms or if we need your personal information in legal proceedings.
Data portability: We are required to inform you of your right to receive your personal information from us so that you can transmit that personal information to another service provider. For TA/UTAX FM that means that at your request we shall supply you with your personal information related to your user account. It does not include any device data, including data that was transmitted to us in a log file
Consent withdrawal: If you have supplied us with your personal information based on your consent, you have the right to withdraw such consent at any time. You may do so by unsubscribing from the service that you have subscribed to if applicable. You may also do so by sending us an email to the applicable privacy email address as stated below. We shall then permanently remove your personal information from our database.
Lodging a complaint: You have the right to lodge a complaint with a supervisory authority, in particular in the country of your residence, about our processing of your personal information. You can find a complete list of supervisory authorities here.
2. Exercising your rights and contacting us
At ta we have a network of privacy professionals available, including a Data Protection Officer, to assist you with your queries. If you wish to exercise any of your rights, or you have a question about this document, please contact us via email, or send us a letter to the address below:
TA Triumph-Adler GmbH
Attn.: Data Protection Officer
Deelbögenkamp 4c, Haus 5
Please inform us of your country of residence so that we can direct you to the appropriate privacy professional. Also please note that in exercising your rights, we may ask you to complete a request form. We shall then inform you of the process of handling your request.
3. Changes to this document
In the event that we modify this document, we will publish it on our website with a revised publication date and, if applicable, notify you of the changed document via your user account.
Last modified: March 2021