The principles of data processing at Liebherr
You have followed this link because you would like to find out about how we handle the personal data of our business partners. We would like to give you an overview of how your personal data is processed and about your rights as a data subject by providing you with the following information.
A. General information
I. What does this data protection policy regulate?
The protection and security of your personal data is extremely important to us. It is accordingly essential that we inform you about the type of personal data that we collect about you, the purpose thereof and what your rights are in relation to your personal data.
II. What is personal data and what does processing mean?
1. “Personal data” (hereinafter also referred to as “data”) is any information that discloses something about a natural person. Personal data is not only information that makes a direct reference to a specific person (such as the name or email address of a person), but also information with which, given appropriate additional knowledge, a reference to a specific person can be made.
2. “Processing” means any measures taken in relation to your personal data (such as the collection, recording, organisation, ordering, storage, use or deletion of data).
B. Data processing
I. Who is in control of the processing of your data?
The body in control (“the controller”) of the processing of your data is:
Liebherr-Great Britain Limited
Stratton Business Park
Tel: 01767 602100
II. What data do we collect and for what purpose?
In the context of cooperation with business partners, we process the following data of contact persons for customers, interested parties, distribution partners, suppliers and partners (hereinafter referred to individually or jointly as “business partner(s)”:
1. Contact information, such as first and last name, business address, business telephone number, business mobile phone number, business fax number and business email address;
2. Payment data, such as the details required to process payment transactions or prevent fraud, including credit card information and card verification numbers;
3. Information that needs to be processed within the context of a project or the implementation of a contractual relationship with Liebherr or that is provided voluntarily by a business partner, e.g. in the context of placing orders, making enquiries or providing project details;
4. Personal data that is collected from publicly available sources or information databases, or that is collected by credit agencies;
5. To the extent legally required in the context of compliance screening: date of birth, ID and ID numbers, information on relevant court proceedings and other legal disputes in which business partners are involved;
6. Further information on the business relationship, such as records, audits, levels of demand, purchasing power classification, category and blocking indicators; as well as
7. Data from access control and building security systems in the event of visits to the plant, such as visit reports, vehicle registration numbers, and video surveillance recordings.
This data is only processed for the following purposes:
1. Communication with business partners in relation to products, services and projects, e.g. in order to process enquiries made by the business partners or prepare technical information regarding products (data categories used: 1, 3)
2. Planning, implementing and administering the (contractual) business relationship between Liebherr and the business partner, e.g. to process orders for products and services, collect payments, for accounting and invoicing purposes, and to carry out deliveries, maintenance tasks or repairs (data categories used: 1 – 4 and, if applicable, 5 – 7)
3. Carrying out customer surveys, marketing campaigns, market analysis, contests and, competitions. (data category used: 1)
4. Compliance with (i) legal requirements (e.g. with record-keeping obligations under tax or commercial law), (ii) existing obligations to carry out compliance screening (to prevent economic crime or money laundering) and (iii) Liebherr guidelines and industry standards (data categories used: 1 – 7) and
5. Settling legal disputes, enforcing existing contracts and asserting, establishing, exercising or defending legal claims (data categories used: 1 – 7)
Data may be processed for other purposes only if the requisite legal conditions pursuant to Article 6(4) GDPR have been met. In this case, we will of course comply with any information obligations pursuant to Article 13(3) GDPR and Article 14(4) GDPR.
III. What is the legal basis on which we collect your data?
Unless there are any specific legal provisions, the legal basis for the processing of your data is, in principle, Article 6 GDPR.
Your data will be processed on the following legal basis/bases:
1. Consent (Article 6(1)(a) GDPR) (for purpose 3)
2. Data processing for the performance of contracts (Article 6(1)(b) GDPR) (for purposes 1, 2, 4)
3. Data processing on the basis of a balancing of interests (Article 6(1)(f) GDPR) (for purpose 3)
4. Data processing for compliance with a legal obligation (Article 6(1)(c) GDPR) (for purpose 4(i) and (ii))
Our legitimate interests are:
1. Commercial interests (purpose 3)
2. Customer service (purpose 3)
3. Product improvement (purpose 3)
4. Risk detection (purpose 3)
5. Customer loyalty (purpose 3)
If we process your data on the basis of your consent, you have the right to withdraw your consent from us at any time with effect from the date of your withdrawal.
If we process your data on the basis of a balancing of interests, you have the right to object to the processing of your data, taking into account the provisions of Article 21 GDPR.
We process your data only to the extent required to fulfil the aforementioned purposes.
IV. To whom and for what purposes do we transmit your data, and which categories of your data do we transmit?
We may transmit your data to:
1. Other companies within the Liebherr Group, provided that this is required to bring about, perform or terminate a contract, or we have a legitimate interest in the transmission and this is not in conflict with an overriding legitimate interest on your part (data category 2)
2. Our service providers that we use to achieve the above-mentioned purposes (data categories 1, 2, 3, 4 and 5)
3. Courts, arbitration tribunals, public authorities or legal advisers, if this is necessary to comply with applicable law or to assert, exercise or defend legal claims (data categories 1, 2 and 5)
V. Will my data be processed outside the United Kingdon and European Union?
A transfer to entities in other countries outside the European Union (so-called third countries) from the United Kingdom is permissible only (1) if you have given us your consent or (2) if the European Commission has decided that there is an adequate level of protection in a third country (Article 45 GDPR). If the Commission has not taken such a decision, we can transfer your data to third parties located in another third country only if appropriate safeguards exist (e.g. standard data protection clauses adopted by the Commission or the supervisory authority in a specific procedure) and the enforcement of your rights as a data subject is guaranteed. The United Kingdom is protected by the exit agreement with the European Union.
VI. When do we delete or anonymise your data?
We process your data, provided that this is necessary for the respective purpose, if you have not effectively objected to the processing of your data or effectively withdrawn the consent that you may have given.
If statutory retention obligations exist – e.g. under tax or commercial law – we will have to store the data affected thereby for the duration of the retention obligation. After the expiry of the retention obligation, we will check whether there is any further necessity for processing. If there is no longer any necessity, your data is deleted.
VII. To what extent is there automated decision-making in each individual case?
In principle, we do not use fully automated decision-making pursuant to Article 22 GDPR to establish and conduct the business relationship. If we use such procedures in individual cases, we will inform you of this individually, if this is required by law.
VIII. To what extent will my data be used for profiling (scoring)?
In some cases, we process your data in an automated manner with the aim of evaluating certain personal aspects (profiling).
We use profiling in the following cases:
1. On the basis of statutory and regulatory provisions, we are obliged to combat money laundering, terrorism financing and criminal offences that pose a threat to assets. Data evaluation (inter alia in payment transactions) is also carried out in this context. At the same time, these measures also serve to protect you. (For purpose 4)
2. We use scoring when assessing your creditworthiness. In this respect, the probability of a customer discharging his payment obligations under the contract is calculated. The calculation may include, for example, income levels, expenditure, existing liabilities, profession, employer, length of service, experiences from the previous business relationship, repayment of previous credit in accordance with the contract, and information from credit agencies. This scoring is based on a mathematically and statistically acknowledged and proven method. The scores calculated support us with decision-making in the context of product sales and are integrated into our ongoing risk management. (For purpose 2)
C. How is your personal data protected from unauthorised access and loss?
We use technical and organisational security measures to ensure that your data is protected from loss, improper changes or unauthorised access by third parties. Moreover, we ensure that, on our side, only authorised persons are granted access to your data and then only to the extent necessary for the above-mentioned purposes. The transmission of all data is encrypted.
D. The rights of the data subject and the right to lodge a complaint
Within the provisions of the legislation, you have the right to:
1. Information about your data;
2. The correction of incorrect data and the completion of incomplete data;
3. The deletion of your data, particularly if (1) it is no longer necessary for the purposes stated in this data protection policy, (2) you withdraw your consent and there is no other legal basis for the processing, (3) your data has been unlawfully processed or (4) you have objected to the processing and there are no overriding legitimate grounds for the processing.
4. The restriction of the processing of your data, especially if the accuracy of the data is contested by you or the processing of your data is unlawful and you request the restriction of use instead of erasure.
5. The right to receive your data in a structured, commonly used and machine-readable format and to have your information transmitted by us directly to another controller.
Please note that the withdrawal of your consent shall not affect the legality of the processing carried out on the basis of your consent until the withdrawal. Your consent can be withdrawn at any time by emailing
If you seek to assert the above rights in a manner that is not in writing, kindly note that we may need to insist that you provide proof to establish that you are the person who you say you are.
In addition, you have the right to lodge a complaint with a supervisory authority.
E. Whom do I contact in respect of data protection issues and how do I contact him or her?
If you have questions about data protection, please contact:
Liebherr-Great Britain Limited
Stratton Business Park
Version: March 2021