Privacy & GDPR Information Notice (Article 13)

1. Introduction and regulatory context

The General Data Protection Regulation (GDPR) requires the data controller to provide data subjects, at the time personal data are collected, with clear and accessible information (Article 13). This policy formalizes such information for all of our activities as well as for our website.

2. Scope and data subjects concerned

This document applies to the processing of personal data carried out by thyssenkrupp Presta France SAS for the following purposes:

• human resources management (employees),

• access management and site security (visitors, video surveillance),

• commercial relationships (customers and suppliers),

• online services and the website (users).

3. Information (Article 13) by data subject category

3.1 Employees
3.2 Visitors
3.3 Customers and suppliers
3.4 Video surveillance
3.5 Website users and users of online services

4. Rights of data subjects

• Right of access (Art. 15)

• Right to rectification (Art. 16)

• Right to erasure (Art. 17)

• Right to restriction of processing (Art. 18)

• Right to object (Art. 21)

• Right to data portability (Art. 20, where applicable)

• Right to withdraw consent (without retroactive effect)

5. How to exercise your rights and contact details

To exercise your rights, you may contact the Data Protection Officer (DPO) or the data controller (contact details below). We will respond within one month, which may be extended by a further two months due to the complexity or number of requests.

thyssenkrupp Presta France SAS
Z.I. Ste Agathe – 8, rue Lavoisier
B.P. 70001 – 57192 Florange, France

Data Controller: Flavie HERBRECHT
contactRH@thyssenkrupp-automotive.com – Tel.: +33 3 82 82 53 53

Data Protection Officer (DPO): Clément POUSSIN
informationsecurity.tkpf@thyssenkrupp-automotive.com – Tel.: +33 3 82 82 53 53

6. Complaints

Any person may lodge a complaint with the CNIL:
www.cnil.fr – CNIL, 3 place de Fontenoy, TSA 80715, 75334 Paris Cedex 07.