Siemens Data Privacy Notice
Protecting the security and privacy of your personal data is important to Siemens. Therefore, Siemens (for further company details, please see the “Corporate Information”) processes personal data in compliance with applicable laws on data protection and data security.
Categories of personal data processed, purpose of the processing and legal basis
When visiting Siemens’ websites, applications or online tools (each a “Siemens Online Offering”), Siemens may process the following personal data about you:
- Personal data that you actively and voluntarily provide via the Siemens Online Offering (e.g., when registering, contacting us with your inquiries or participating in surveys, etc.), including name, e-mail address, telephone number, information submitted as part of a support request, comments or forum posts, etc.; and
- Information that is automatically sent to us by your web browser or device, such as your IP-address, device type, browser type, referring site, sides accessed during your visit, the date and time of each visitor request.
We process your personal data for the following purposes:
- to provide the Siemens Online Offering’s services and functions and to administer your use of the Siemens Online Offering;
- to verify your identity (if you registered to Siemens Online Offering);
- to answer and fulfill your specific requests; and
The processing of your personal data is necessary to meet the aforementioned purposes. Unless indicated otherwise, the legal basis for the processing of your personal data is Article 6 (1) (b) or (f) of the General Data Protection Regulation or – if explicitly provided by you – your consent (Article 6 (1) (a) of the General Data Protection Regulation). If Siemens does not collect the respective personal data, the purposes described may not be met by Siemens.
Links to other websites
Categories of personal data processed, purpose of the processing and legal basis
In the context of the business relationship with Siemens, Siemens may process the following categories of personal data of contact persons at our customers, suppliers, vendors and partners (each a “Business Partner”):
- Contact information, such as full name, work address, work telephone number, work mobile phone number, work fax number and work email address;
- Payment data, such as data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information;
- Further information necessarily processed in a project or contractual relationship with Siemens or voluntarily provided by the Business Partner, such as orders placed, payments made, requests, and project milestones;
- Information collected from publicly available resources, integrity data bases and credit agencies; and
- If legally required for Business Partner compliance screenings: information about relevant and significant litigation or other legal proceedings against Business Partners; and
Siemens may process the personal data for the following purposes:
- Communicating with Business Partners about products, services and projects of Siemens or Business Partners, e.g. by responding to inquiries or requests or providing you with technical information about purchased products;
- Planning, performing and managing the (contractual) relationship with Business Partners; e.g. by performing transactions and orders of products or services, processing payments, performing accounting, auditing, billing and collection activities, arranging shipments and deliveries, facilitating repairs and providing support services;
- Administrating and performing customer surveys, marketing campaigns, market analysis, sweepstakes, contests, or other promotional activities or events;
- Maintaining and protecting the security of our products, services and websites, preventing and detecting security threats, fraud or other criminal or malicious activities;
- Ensuring compliance with legal obligations (such as record keeping obligations), export control and customs, Business Partner compliance screening obligations (to prevent white-collar or money laundering crimes), and Siemens policies or industry standards; and
- Solving disputes, enforce our contractual agreements and to establish, exercise or defend legal claims.
The processing of personal data is necessary to meet the aforementioned purposes including the performance of the respective (contractual) relationship with Business Partners. Unless indicated otherwise, the legal basis for the processing of personal data is Article 6 (1) (b) or (f) of the General Data Protection Regulation or – if explicitly provided by Business Partner Contacts – the consent (Article 6 (1) (a) of the General Data Protection Regulation). If Siemens does not collect the respective personal data, the purposes described may not be met by Siemens.
Siemens may transfer personal data to other Siemens companies or third parties, but only if and to the extent such transfer is strictly required for the purposes mentioned above.
If legally permitted to do so, Siemens may transfer personal data to courts, law enforcement authorities, regulators or attorneys if necessary to comply with the law or for the establishment, exercise or defense of legal claims.
Siemens commissions service providers (so-called data processors), such as hosting or IT maintenance service providers, which only act upon instructions of Siemens and are contractually bound to act in compliance with applicable data protection law.
Recipients of personal data may possibly be located in countries outside of the European Economic Area (“third countries”), in which applicable laws do not offer the same level of data protection as the laws of the respective individual’s home country.
In such cases, Siemens takes measures to implement appropriate and suitable safeguards for the protection of personal data by other means.
- We share personal data with Siemens companies in third countries only if they have implemented the Siemens Binding Corporate Rules („BCR“) for the protection of personal data. Further information about the Siemens BCR can be found here.
- We transfer personal data to external recipients in third countries only in case the respective recipient (i) entered into EU Standard Contractual Clauses with Siemens, (ii) implemented Binding Corporate Rules in its organization or (iii) – in case of US recipients – the recipient is certified under the Privacy Shield. Affected individuals may request further information and copies of the safeguards by contacting Siemens.
Personal data published by you on Siemens Online Offerings (such as chat rooms or forums) may be globally accessible to other registered user of the respective Siemens Online Offering.
Unless explicitly indicated otherwise at the time of the collection of personal data (e.g. within a consent form accepted by you), we erase personal data if the retention of the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed and no statutory retention obligations under applicable law (such as tax or commercial law) require us to further retain personal data.
In case you declared your consent for the processing of certain personal data by Siemens, you have the right to withdraw the consent at any time with future effect, i.e. the withdrawal of the consent does not affect the lawfulness of processing based on the consent before its withdrawal. In case consent is withdrawn, Siemens may only further process the personal data where there is another legal ground for the processing.
Under applicable data protection law you may – provided that the respective legal pre-conditions are met – have the right to:
- obtain from Siemens confirmation as to whether or not personal data concerning you are being processed, and where that is the case, access to the personal data;
- obtain from Siemens the rectification of inaccurate personal data concerning you;
- obtain from Siemens the erasure of your personal data;
- obtain from Siemens restriction of processing regarding your personal data;
- obtain from Siemens a copy of personal data concerning you, which you actively provided, in a structured, commonly used and machine-readable format and to request from Siemens that we transmit those data to another recipient selected by you; and
- object, on grounds relating to your particular situation, to processing of personal data concerning you.
The Siemens Chief Data Privacy Officer and his team (the “Siemens Data Protection Organization”) provide support with any data privacy related questions, comments, concerns or complaints or in case you wish to exercise any of your data privacy related rights. The Siemens Data Privacy Organization may be contacted at: firstname.lastname@example.org.
The Siemens Data Privacy Organization will always use best efforts to address and settle any requests or complaints you bring to its attention. Besides contacting the Siemens Data Privacy Organization, you always have the right to approach the competent data protection authority with your request or complaint. The data protection authority competent for Siemens AG is:
Bayerisches Landesamt für Datenschutzaufsicht
Promenade 27, 91522 Ansbach
A list of national data protection authorities is available here.