Under the European Union’s General Data Protection Regulation (GDPR), all data subjects have the following rights in relation to the processing of their personal data:
The restrictions of sections 34 and 35 of the German Federal Data Protection Act (BDSG) apply to the right of access and the right to erasure. Furthermore, you have the right to complain to a responsible data protection supervisory body (Article 77 of the GDPR and section 19 of the BDSG) if you believe that the processing of your personal data breaches the legal regulations.
In the context of our joint activities, you must provide us with the personal data that we require to accept and perform the relevant activities and to fulfil the associated contractual obligations or that we are required to collect by law. Without this data, we will generally be unable to enter into a contract with you, fulfil our obligations under our contract or provide you with our services.
The departments at Festo that have access to your data are those that require access to enable us to fulfil our contractual and legal obligations (such as call centre services, customer administration, document processing, logistics, IT/EDP maintenance, etc.). Service providers and agents working on our behalf may also receive your data for the purposes outlined above; such third parties are subject to an agreement to maintain confidentiality. We also employ contractors in various departments (such as IT, HR, finance, sales, etc.).
All data exchanged within our Group is subject to our binding corporate rules on data protection.
The list of companies in the Festo Group can be viewed here:
Your data may also be transferred to other parties for whom you have granted your consent for your data to be shared. Please note that you may already have provided consent directly to Festo or to another external intermediary.
In relation to passing information to recipients outside of Festo, we are contractually obliged to maintain confidentiality with regard to all customer-related information and feedback of which we become aware in the course of our business activity. We may only share the information we have about you when required to do so by law or when you have provided your consent for us to do so.
When data is transferred to external parties in third-party countries (outside the EU), we will ensure that these countries observe the same standards as the EU.
For the USA, the EU Commission has decided (in its resolution of 12.07.2016) that the EU–US Privacy Shield regulations provide adequate data protection (adequacy decision, Article 45 of the GDPR). Further information can be found at: https://www.privacyshield.gov
We will process and store your personal data for as long as required to fulfil our precontractual, contractual and legal obligations. Data that is no longer required to fulfil our contractual or legal obligations is deleted on a regular basis, unless (limited) further processing is required for the following purposes: