1. What are your data protection rights?
Under the European Union General Data Protection Regulation (EU-GDPR), all data subjects have the following rights in relation to the processing of their personal data:
• Right of access based on Article 15 of the EU-GDPR
• Right to rectification based on Article 16 of the EU-GDPR
• Right to erasure based on Article 17 of the EU-GDPR
• Right to restriction of processing based on Article 18 of the EU-GDPR
• Right to data portability based on Article 20 of the EU-GDPR
• Right to object based on Article 21 of the EU-GDPR
The right of access and right to erasure are subject to the limitations set out in §§ 34 and 35 of the German Federal Data Protection Act (BDSG). Furthermore, you have the right to complain to a responsible data protection supervisory body (Art. 77 of the GDPR and § 19 of the BDSG) if you believe that the processing of your personal data breaches the legal regulations.
2. What do you need to know about your right to object?
• Right to object on a case-by-case basis
You have the right to object to the processing of your personal data processed under Article 6, para. 1(e) of the EU-GDPR (data processing in the public interest) and Article 6, para. 1(f) of the EU-GDPR (data processing based on legitimate interests) for any reason relating to your specific personal situation; this also applies to profiling based on these provisions, as defined in Article 4, no. 4 of the EU-GDPR.
If you file an objection, we will no longer process your personal data unless we can demonstrate that there are legitimate compelling grounds for processing that override your interests, rights and freedoms, or if the processing is required for the establishment, exercise or defence of legal claims.
• Right to object to data processing for direct marketing purposes
In some cases, we may process your personal data for direct marketing purposes. You have the right to object to your personal data being used for direct marketing purposes at any time; this also applies to profiling connected to such direct marketing exercises. If you file an objection to your data being processed for direct marketing purposes, we will no longer use your personal data for these purposes.
• Please note that your objection will only apply to future data processing,
which means that the legality of any processing that has taken place up to the point at which your objection is made remains unaffected. The further processing of your data based on other legal purposes, such as the fulfilment of legal obligations, also remains unaffected.
• You can submit your objection in any format to:
Str. Sf. Constantin nr. 17
Sector 1, 010217 - Bucuresti
Tel: +40 21 300 0720
3. Do you have any obligation to provide data?
In the context of our joint activities, you must provide us with the personal data that we require to accept and perform the relevant activity and to fulfil the associated contractual obligations or that we are required to collect by law. Without this data, we will generally be unable to enter into a contract with you, fulfil our obligations under our contract or provide you with our services.
4. Who receives your data?
The departments at Festo that are given access to your data are the departments that require access to enable us to fulfil our contractual and legal obligations (such as call centre services, customer administration, document processing, logistics, IT/application maintenance, etc.). Service providers and agents working on our behalf may also receive your data for the purposes outlined above; such third parties are subject to an agreement to maintain confidentiality. We also employ contractors in various departments (such as IT, HR, finance, sales, etc.).
All data exchanged within our Group is subject to our binding corporate rules on data protection. A list of companies in our Group is available here: https://www.festo.com/hq/en/cms/festo.htm
Your data may also be transferred to other parties with whom you have granted your express consent for your data to be shared. Please note that you may have provided consent directly to Festo or to another external intermediary.
In relation to passing informati on to recipients outside of Festo, we are contractually obliged to maintain the confidentiality of all customer-related information and feedback of which we become aware in the course of our business activity. We may only share information we hold on you when required by law or when you have provided your consent for us to do so.
When data is transferred to external parties in third-party countries (outside the EU), we will ensure that these countries satisfy the same standards as the EU.
For the USA, the EU Commission has decided (in its resolution of 12.07.2016) that the EU-U.S. Privacy Shield regulations provide adequate data protection (adequacy decision, Art. 45 of the GDPR). Further information can be found at: https://www.privacyshield.gov.
5. How long will your data be stored?
We will process and store your personal data for as long as required to fulfil our pre-contractual, contractual and legal obligations. Data that is no longer required to fulfil our contractual or legal obligations is deleted on a regular basis, unless (limited) further processing is required for the following purposes:
• Compliance with commercial and tax-related retention periods as
defined in state-specific and other regulations. We are required to comply with the retention and documentation periods specified in these regulations.
• Retention of evidence in the context of statute of limitation regulations.
These limitation periods may last up to thirty years; the general limitation period varies from country to country.