PARTAO Data Protection Policy


1. Objectives of this regulation with regard to the management and protection of personal data

Partao collects and processes certain personal information about natural persons. These individuals may be employees, service providers and beneficiaries, suppliers, partners, clients, prospects, event attendees and any other persons with whom Partao has or must have relations.

These internal regulations on the management and protection of personal data (hereinafter the "Regulations") describe how such personal data must be collected, processed and stored in order to meet Partao's protection standards and keep it in compliance with the law.

These Regulations are a general policy that can be supplemented over time by specific policies.

Partao is responsible for its compliance with applicable laws and regulations and must be able to demonstrate this at all times in accordance with the principle of accountability.

2. Scope and updating of these regulations

These regulations apply to all operations of Partao that involve the processing of personal data and must be complied with by all members of staff, including directors and employees, temporary staff, seconded staff, consultants, advisors and contractors.

The processing of personal data is any action (collection, encoding, reproduction, storage, transformation, sharing, deletion, etc.) carried out on data relating to identified or identifiable natural persons (this includes, for example, employees of Partao, employees of suppliers or service recipients, contact persons for other companies, etc.).

These Rules are adopted and may be updated at any time by Partao.

3. Applicable law and definitions

Various national and international laws and regulations protect the rights of individuals with regard to their privacy and the processing of data concerning them, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter "GDPR").

Certain terms used in this Regulation have particular meanings, these meanings being established in Article 4 of the GDPR.

4. General principles applying to the processing of personal data

Any processing of personal data by or on behalf of Partao must comply with the general principles set out below.

All personal data must be processed fairly, lawfully and transparently. Data may therefore only be processed if one of the following conditions is met:

  • The data subject has given his/her consent (under certain conditions)
  • The processing is necessary for the performance of the contract to which the data subject is a party
  • The processing is necessary for Partao to comply with its legal obligations
  • The processing is necessary to protect vital interests
  • The processing is necessary for legitimate interests pursued by Partao

Personal data may only be processed for clearly limited and defined purposes which are lawful and which were communicated to the data subject.

Partao has a data minimization obligation: the number and nature of the data processed must be adequate, relevant and not excessive.

All personal data must be accurate, complete and kept up to date.

Personal data must not be kept longer than necessary according to our Data Retention Policy.

All personal data processed must be subject to appropriate organizational and security measures.

5. Internal data protection coordinator

Partao has appointed a Data Protection Coordinator (hereinafter "DPC") from among its staff.

Data subjects may contact the DPC for any general questions relating to the processing of personal data within Partao (including compliance with these Regulations).

The DPC can be contacted at: GDPR@partao.com

As of the date of these Regulations, this role is performed within Partao by Partao’s CTO (or acting CTO). If this role is vacant, the responsibilities are delegated to the CEO until it is filled.

6. General guidelines for Partao personnel

Anyone working for Partao who has access to personal data processed within Partao must read and understand these Regulations and comply with the good practices established by Partao, which include the following behavioral principles:

  1. Authorized Processing Tools:
    When processing personal data, do so with the tools provided for this purpose and respect the procedure (use the software and databases provided by Partao / avoid using third-party software, databases, services, websites, etc., unless you inform the internal IT department).

  2. Data Duplication:
    Do not duplicate personal data unless absolutely necessary.

  3. Data Accuracy:
    When recording personal data, record only what is necessary and avoid encoding errors.

  4. Collection Transparency:
    When collecting data from someone, explain why you need it and for what purpose. You can refer to the privacy policy covering the processing in question.

  5. Data Maintenance:
    Update data when the opportunity arises (request confirmation of data from the data subject, correct errors, delete out-of-date and obsolete data).

  6. Data Transfer Limitations:
    Do not transfer/communicate personal data unless this is the normal procedure (e.g.: do not communicate personal data to a colleague or a third party if this is not justified).

  7. Data Storage Management:
    If you transfer or receive data, delete any unnecessary / residual copies. (E.g.: downloaded files are saved in the correct folder and deleted from the download folder).

  8. Confidentiality Ethics:
    Respect a general confidentiality ethic (don't consult a file if you're not authorized to do so, don't discuss personal information extensively if you don't have to...).

  9. System Security:
    Respect computer system security rules (password secrecy, reporting malfunctions, use of official programs, etc.).

  10. Unauthorized Access Protocol:
    If you are accessing data to which you should not have access, contact the DPC immediately.

  11. Incident Reporting:
    If you suspect that data may have been lost, damaged or accessed by unauthorized persons (due to a virus, computer attack, theft, loss of equipment, etc.), inform the DPC immediately.

  12. Compliance Assistance:
    If you have any doubts or questions about the application of or compliance with these Regulations, or any rules relating to privacy and personal data, please contact the DPC.

Wherever possible, Partao will arrange training to help its staff understand their responsibilities and how best to handle the personal data to which they have access.

7. Consent Requirements

Where processing is based on data subject consent under GDPR:

  1. Demonstrable Consent

    PARTAO must implement technical measures to clearly demonstrate and record the data subject's consent.

  2. Clear Declaration

    When consent is part of a written declaration covering multiple matters:

    • Consent requests must be visually distinct
    • Presented in accessible format
    • Formulated in plain language

  3. Withdrawal Rights

    Data subjects may withdraw consent at any time. The following apply:

    • Withdrawing consent is as easy as giving it
    • Data subjects are notified of this right in advance
    • Withdrawal does not affect the legality of processing carried out before it

  4. Legal Basis Protocol

    Consent will only be used as a legal basis when no alternatives exist under GDPR Article 6(1). All consent-based processing requires:

    • Prior consultation with Data Protection Coordinator (DPC)
    • Strict adherence to EDPB Consent Guidelines
    • Quarterly compliance audits

Persons wishing to exercise their rights as described above should submit their requests in writing and send them to the DPC at the following address: GDPR@partao.com.

No information can be provided in response to oral requests.

If necessary, the data subject may be asked to provide reasonable proof of identity.

All requests will be handled in accordance with the Protocol for Responding to Data Subject Requests.

Data subjects may make repeated requests at reasonable intervals.

Data subjects also have the right to address challenges to Partao regarding its compliance with the provisions of these Regulations and applicable data protection laws. Such objections must also be addressed immediately in writing to the DPC.

9. Management and review of data processing activities

  • All personal data processing activities for which Partao is responsible or which Partao carries out as a processor are documented in a processing register available to the DPC and supervisory authority upon request.
  • Partao applies appropriate safeguards to the processing, including technical and organizational measures, to protect the rights of data subjects.
  • Personal data processing activities carried out by or on behalf of Partao must be reviewed by the DPC to ensure compliance with the law and these Regulations.
  • Any doubts regarding the validity of a data processing activity must be reported to the DPC.
  • Any new activity involving the processing of personal data must first be discussed and approved by the DPC.
  • Before introducing new technologies or launching a new processing operation likely to entail a high risk for data subjects, Partao, in collaboration with the DPC, will assess the need for a data protection impact analysis.
  • Partao ensures that, by default, only the personal data necessary for each specific purpose is processed.
  • Measures ensure that personal data is not accessible to an indefinite number of individuals without intervention by the data subject.
  • Processing operations that can be parameterized by data subjects must have default settings ensuring minimal risks to data protection and privacy.

10. General guidelines for Partao personnel

  • Anyone working for Partao with access to personal data must read and understand these Regulations and comply with the established good practices.
  • Use only the authorized tools for processing personal data and follow the established procedures.
  • Avoid duplicating personal data unless absolutely necessary.
  • Record only the necessary personal data and ensure accuracy while avoiding errors.
  • When collecting data, explain its purpose and reference the applicable privacy policy.
  • Update data when possible by confirming with the data subject, correcting errors, and removing outdated information.
  • Do not share personal data unless it follows the established procedures.
  • Ensure unnecessary or residual copies of transferred or received data are deleted.
  • Maintain confidentiality by accessing only authorized files and limiting discussions on personal information.
  • Follow IT security protocols, including password protection, reporting issues, and using only authorized software.
  • Report any unauthorized access to personal data to the DPC.
  • Immediately inform the DPC if data is lost, damaged, or accessed by unauthorized individuals due to security breaches.
  • For any questions or doubts regarding data privacy compliance, contact the DPC.
  • Partao will provide training to staff to enhance understanding of their responsibilities and best practices for handling personal data.

11. Data Security

It is Partao's responsibility to secure personal data and its processing. To this end, Partao implements appropriate technical and organizational measures to ensure a level of security appropriate to the risks.

The vast majority of security incidents involve human error. To avoid such errors and ensure the integrity and correct use of its IT systems, Partao has adopted specific policies on the use of IT systems and infrastructures.

12. Contracts with Third Parties and Processors

Where Partao executes contracts with third parties under which personal data is to be transferred or disclosed to such third party, such contract shall include provisions requiring the third party to comply with legal provisions relating to the protection of personal data.

Contracts with third parties who process personal data on behalf of Partao (subcontractors) must comply with numerous legal requirements. A copy of any contract involving the transfer of personal data to third parties must be provided to the DPC for review.

13. Transfer of Data Outside the European Union

Partao may allow the transfer of personal data outside the EU only after ensuring that such data will benefit from the same level of protection as guaranteed by European law (GDPR), and more particularly if the country of destination benefits from an adequacy decision of the EU Commission, or if appropriate safeguards are in place, or with the explicit consent of the data subjects.

Consult the DPC before transferring any data outside the European Union. The DPC will have to analyze the conditions of such a transfer and give its authorization.

14. Data Breach

It is Partao's responsibility to respond promptly and appropriately to security incidents (personal data breaches), namely, to assess the seriousness of the incident and its possible consequences (possible risks with respect to personal data and data subjects), and, in some cases, to notify the data protection authority (within 72 hours of becoming aware of the incident) and/or data subjects (without undue delay).

Examples of such incidents include:

  • Theft or loss of computers, laptops, portable electronic devices, or paper files
  • Hacked or revealed passwords
  • Insecure storage or transmission
  • Detection of vulnerabilities in IT systems and infrastructures
  • Detection of viruses or malware
  • Unauthorized access to IT systems
  • Erroneous data shipments

Any suspicious event or incident that could lead to a breach of security or data access rules must be reported without delay to the DPC, which will follow the Data Breach Protocol.

15. Cooperation with the Data Protection Authority

Partao cooperates with the official data protection authorities and answers their questions without undue delay and at least within the legal deadlines where applicable.

The DPC liaises with the data protection authorities.


PARTAO Cookie Policy


1. Introduction

At Partao (“we”, “us”, or “our”), we are committed to protecting your privacy and ensuring transparency regarding the information we collect from you when you visit our website partao.com and all associated storefronts (e.g., partao.de, partao.fr, etc.). This Cookie Policy explains what cookies are, how we use them, your choices regarding cookies, and how you can change your cookie settings.

2. What Are Cookies?

Cookies are small text files placed on your device (such as your computer, smartphone, or tablet) when you visit a website. Cookies are widely used to make websites work more efficiently or to provide information to site owners.

3. Types of Cookies We Use

When you use our Website, the following types of cookies may be used:

  • Essential Cookies: These cookies are necessary for the Website to function properly. They enable you to navigate our Website and use its features, such as accessing secure areas. Without these cookies, certain services cannot be provided.
  • Preference Cookies: These cookies allow our Website to remember your preferences (such as your language or region) to enhance your experience.
  • Analytical Cookies: We use these cookies to collect information about how visitors use our Website. This helps us understand user behavior and improve our Website's performance and functionality.
  • Marketing Cookies: These cookies are used to deliver advertisements that are relevant to you and your interests. They help us measure the effectiveness of our advertising campaigns.

4. Third-Party Cookies

In addition to our own cookies, we may also allow third parties to set cookies on your device when you visit our Website. These third-party cookies are subject to the respective privacy policies of the third parties. We encourage you to review those policies to understand how they use your data.

5. Your Consent

Upon your first visit to our Website, you will see a cookie banner requesting your consent to use certain cookies. By clicking “Allow Cookies,” you consent to the placement of all cookies described in this policy. You may also choose to customize your preferences through “Cookie Settings.”

6. Changing Your Cookie Settings

You can manage your cookie preferences at any time through your web browser settings. Most browsers allow you to refuse cookies or delete cookies already stored on your device. For detailed instructions, please refer to the help section of your browser.

Disabling cookies may affect your ability to use certain features of our Website.

7. More Information About Cookies

For more information about cookies and how to manage them, you can visit:

8. Changes to This Cookie Policy

We may update this Cookie Policy from time to time. Any changes will be posted on this page with an updated effective date. We encourage you to review this policy frequently to stay informed about our cookie practices.

9. Contact Us

If you have any questions about this Cookie Policy or our practices regarding cookies, please contact us at:

Email: customer-service@partao.com