Data Protection Statement

We want you to feel secure and comfortable in your successful cooperation with Festo. We also want to meet your needs and be a reliable partner when it comes to protecting your personal data. The subject of data privacy is personal data. This is any information relating to an identified or identifiable natural person (data subject). As a global leader in automation technology and technical education, we process personal data on a daily basis. In doing so, we are committed to complying with national and international data privacy laws and regulations, in particular the Personal Data Protection Act (PDPA) 2010.

Data Privacy Notice

1 Responsible persons

Responsible body

Festo Sdn Bhd
14, Jalan Teknologi
Taman Sains Selangor 1
Kota Damansara
47810 Petaling Jaya
Selangor, Malaysia


Company data privacy coordinator

Festo Sdn Bhd
Data Privacy Coordinator: Bess Tan
14, Jalan Teknologi
Taman Sains Selangor 1
Kota Damansara
47810 Petaling Jaya
Selangor, Malaysia
bess.tan@festo.com

2 Groups of persons, purposes and data categories

Your benefit / our purposes
Festo offers you attractive online functions that support you in your daily work in a variety of ways or that you can
use as a job applicant at Festo. For this purpose, we use personal data to establish your identity and to enable
user authentication, e.g. to provide you with the services and functions you have selected from the Festo online
services.
We also process personal data for security reasons, in particular to detect and avert attacks on our websites or to
prevent attempts at fraud.

Data categories
When you visit our websites, web applications or online tools, we store the following personal data, for example:
• the type of device, browser and operating system you are using
• Your IP address
• Date and time of your visits
• Use of the websites and their functions
• Search terms, error messages, information about retrieved files and transferred data volumes
• Websites from which you have reached our websites and websites that you visit from our websites.

Other personal data, such as
• First and last name
• Business contact details such as e-mail address, telephone number
• Information provided in the context of a request,
We only collect this information if you provide it to us voluntarily, for example, as part of a registration, an inquiry,
a contact form, a survey, or to fulfill a contract.
Cookies
To collect this data in our Festo online services, we use cookies on the basis of your consent. In the cookie banner
and in the cookie settings, you can specify which cookies are activated when you use our online services. For your
search on the Festo websites, you only need to make your cookie settings once! Your consent will be saved and
applied to all websites for different end devices.
Links to other websites
This privacy policy applies only to Festo's online services and not to third party websites and applications. Festo's
online services may contain links to third-party websites and applications that may be of interest to you. Festo is
not responsible for the collection, processing and use of your data by these third parties or for the content of these
third-party websites.

2.2 When using mobile apps or local applications
Your benefit / our purposes
Festo offers you a wide range of apps that you can use on your end devices such as notebooks, tablets or
smartphones to help you complete your tasks efficiently and safely. Interesting functions can be set up and
controlled using personal data.
If special functions and benefits are integrated into tools, you will find information on this in the additional privacy
statement for the application.
Festo can only access content and personal data in the applications for service and maintenance purposes.

Data categories
• Contact information, such as first and last name, business address, telephone number and e-mail address
• User-specific settings, such as favorites
• Roles and role-specific settings

2.3 In cooperation with business partners
Your benefit / our purposes
Good business relationships are based on optimal communication between the right people and the efficient
exchange of necessary information. Your personal data is the basis for our communication about products,
services and projects, e.g. to answer your inquiries or to provide you with technical information about products. In
addition, we use your personal data to maintain our (contractual) business relationship, e.g. to process orders for
products and services, to carry out deliveries, repairs and services and for accounting, invoicing and payment
purposes.

Data categories
In the course of working with you as a business partner, Festo processes your personal data as a contact person
for customers, interested parties, sales partners, suppliers or other partners. This is essentially
• Contact information such as first and last name, business address, telephone number and e-mail address
• Information about phone calls, visits, contacts and the content of those communications
• Information required as part of a project or to fulfill a contractual relationship
• Data collected from publicly available sources, information databases or credit agencies

• Where required by law as part of compliance checks, date of birth, information on relevant legal
proceedings and other legal disputes involving business partners
• Payment data, e.g. information for the processing of payment transactions or for fraud prevention,
including credit card information and card verification numbers.
Festo is in contact with you as a B2B contact and does not process any personal data from which you can be
identified as a data subject. There is no profiling that has a legal or similar effect on you.

2.4 For collaboration between Festo and business partners
Your benefit / our purposes
Modern electronic communications provide tools that enable optimal collaboration and the quick and easy
exchange of information and data. When using these tools, personal data may be processed to ensure the identity
and documentation of these contacts.

Data categories
During online sessions and similar functions, the following personal data, among others, may be processed
• Contact information (name, email, company, etc.)
• All information from the shared exchange: access permissions, comments and notes, editing of
documents, usage information such as date and time.

2.5 For direct marketing
Your benefit / our purposes
Festo informs you about important market trends, interesting new products and solutions specific to your industry
and interests. You will also receive information about marketing campaigns, market analysis or similar activities
and events.
You have the right to object to the use of your contact data for these purposes at any time by sending an e-mail to
bess.tan@festo.com or by using the objection option in any communication in this context.

Data categories
In order to provide you with information that is tailored to your needs and preferences, we may collect the following
personal information for direct marketing purposes
• Contact information, such as first and last name and business address, telephone number and email
address
• Your choices for newsletters and areas of interest
• Information about attending trade shows, participating in webinars or the like
• Any other information that you voluntarily provide, provided that you have given your consent.

2.6 Through your work as an employee for Festo
Your benefit / our purposes
Festo is your attractive and reliable employer and in this role fulfills extensive obligations towards you, the state,
institutions, authorities and society. In many obligations relating to your employment relationship, personal data
must be processed for this purpose.
Festo may process sensitive personal data such as health, religious beliefs, or disabilities only with the explicit
consent of the data subject or where required by Malaysian law. Such data will be subject to additional safeguards
and limited access controls.

Employee personal data will be processed for employment-related purposes, in accordance with applicable legal
obligations. Sensitive data will only be collected and used with the employee’s consent or in accordance with
employment and labour laws.

Data categories
Festo collects and processes personal data during your employment.
This data may include
• Master data such as
▪ Personnel number
▪ First and last name
▪ Gender, date and place of birth
▪ Private address
▪ Marital status, number of children
▪ Nationality
▪ Religious affiliation
▪ Disabilities (if specified)

• Contract data such as
▪ Type and scope of employment
▪ Organizational assignment
▪ Collective agreement classification

▪ Remuneration and payment data such as
▪ Charge data
▪ Tax and social security data
▪ Data on the company pension scheme
▪ Bank details
▪ Data on attendance and absence times/employment times
▪ Performance appraisals
• Ergonomic data and categories of health data
▪ Medical certificates of incapacity for work
▪ Rehabilitation measures
▪ Data collected as part of reintegration measures
▪ Necessary work equipment
• Organizational data
▪ Job titles
▪ Organizational structure
▪ Location
▪ Business contact details
• Qualification data
▪ Academic titles
▪ Training and qualifications
▪ Professional career
• Authorizations
▪ Access rights to IT systems
▪ Access rights
▪ Signature regulations
• Usage and performance data
▪ in IT and communication systems
▪ in time recording systems
▪ of material resources and IT end devices spent

For security reasons, in particular to detect and prevent attacks on our IT systems or attempts at fraud, Festo
processes personal data such as
• Logfiles
• Connections to the Internet including decryption and encryption in an encapsulated area
Access to data from IT systems is subject to strict confidentiality.
Festo will only process other personal data, such as the use of your profile picture on WeNet and in other tools, if
you have given your consent. We will inform you about the legal framework conditions in the course of the
respective consent process

2.7 For the planning and implementation of events
Your benefit / our purposes
Festo would be happy to provide you with live information about our capabilities, our attractive range of products
and interesting trends. At various events, we offer you the opportunity to exchange ideas with Festo experts or
other interested parties and trendsetters. In order to offer you a beneficial experience, it is important for us to be
able to adapt to you and your wishes and needs.

Data categories
In order to organize an interesting and successful event, we need a variety of personal information. Depending on
the type and location of the event, we may process information such as
• Contact information, such as first and last name, business address, telephone number and e-mail address
• Event organization information, such as invitations, personal requests, or travel information
• Documentation of your attendance and any security briefings given
• License plates for access and parking permits
• Photo and video recordings for publication and documentation

2.8 For your application process
Your benefit / our purposes
As an attractive employer, Festo wants to attract motivated and qualified employees and offers you a secure and
convenient way of applying to us with Jobs@Festo. Here you can find attractive vacancies and manage your
applications.

Data categories
As part of the application process, Festo processes all personal data that you provide to us during the application
process. This usually includes
• Your candidate profile including
o Name
o Address
o Date of birth
o Contact details such as email address and phone numbers
o Qualifications
• Application documents such as curriculum vitae, certificates, proof of qualifications, photo, desired
position and other information
Your applicant profile will also be visible to other Festo HR recruiters.

2.9 For satisfaction surveys
Your benefit / our purposes

Good information and a good understanding of needs and requirements are an essential basis for the further
development of Festo's services. Within the framework of applicable laws, Festo may also use your business
contact data to conduct customer satisfaction surveys.
You have the right to object to the use of your contact data for these purposes at any time by sending an e-mail to
info@festo.com or by using the objection option in this notice.

Data categories
Depending on the type and purpose of the survey, we will inform you separately about the anonymity of your
feedback. If surveys are not conducted anonymously, various personal data may be processed, such as
• Contact information, such as first and last name, email address, and phone number.
• Business information, such as department or management responsibility, may be processed for specific
surveys or for more sophisticated analysis.
The survey may be based on your feedback about a specific business transaction.

3 Legal basis for the processing of personal data

We process personal data only to the extent necessary to provide the service offered for the stated purpose.
Unless expressly stated otherwise at the time of collection, the legal basis for processing personal data is
• the performance and execution of a contract or pre-contractual measures with you
• the fulfillment of legal obligations to which Festo is subject and/or
• the protection of Festo's legitimate interests
Under the PDPA, consent is the primary basis for processing personal data. Festo will obtain clear and explicit
consent where required, particularly in relation to direct marketing, processing of sensitive personal data, and
collection of employee data.

4 Transmission of personal data

4.1 Transmission of data during processing by Festo
Festo may disclose personal data to
• internal specialist departments
• Other Festo companies or other third parties, e.g. sales partners or suppliers, if this is necessary in
connection with the offer or the establishment, implementation or handling of the business relationship.
• to service providers who process personal data as part of their services, e.g. service providers for IT
security, maintenance activities or event management
• to third parties when necessary to comply with applicable law or to defend against legal claims, e.g. in
connection with compliance screenings, arbitration or litigation, to authorities, government agencies,
health insurers or legal counsel.
If the recipients are located outside the territorial scope of the PDPA, Festo will take measures to ensure suitable
and appropriate safeguards to protect your personal data elsewhere.
• Therefore, we will only transfer your personal data to Festo companies on the basis of the Binding
Corporate Rules ("BCR") to which the members of the Festo Group have committed themselves.
• Personal data will only be transferred to recipients outside the Group if there are EU adequacy decisions
for the recipient's location, the recipients have concluded EU standard contractual clauses with Festo or
have introduced Binding Corporate Rules.

Personal data that you publish via Festo online services (e.g. in chat rooms or forums) can be viewed by other
registered users of the respective Festo online service worldwide.
For avoidance of doubt, any transfer of personal data outside Malaysia will be carried out in compliance with PDPA
requirements. Festo will ensure that the receiving party provides a level of protection comparable to the PDPA and
may use contractual safeguards such as data transfer agreements.
4.2 Social media and plug-ins
Festo is represented on social networks in order to give registered users of these platforms the opportunity to
communicate and exchange information interactively. The use of the respective social networks is also subject to
the terms of use and data privacy declarations of these companies, which provide information on their conditions
and the handling of personal data.
Festo has integrated links to the company's official channels on websites via so-called social plugins. When you
access one of these social plugins, a direct connection is established with the respective provider and your data is
processed by them. If you are logged in to your user account at the time, the provider can associate your visit to
our websites with your user account.

7 Possibility to withdraw consent

If our processing of your personal data is based on your consent to the processing of your personal data, you have
the right to withdraw your consent at any time with effect for the future.
Withdrawal shall not affect the lawfulness of the processing carried out on the basis of the consent prior to the
withdrawal.

6 Data security

Festo takes the necessary technical and organizational measures to ensure adequate protection of your personal
data

7 Possibility to withdraw consent

If our processing of your personal data is based on your consent to the processing of your personal data, you have
the right to withdraw your consent at any time with effect for the future.
Withdrawal shall not affect the lawfulness of the processing carried out on the basis of the consent prior to the
withdrawal.

8 Your rights as a data subject

As a data subject, you have the following rights under the PDPA in relation to the processing of your personal data,
namely rights to :
- Access your personal data held by Festo
- Correct any inaccurate or outdated data
- Withdraw consent at any time
- Object to processing that may cause damage or distress
- Object to direct marketing activities
Festo will provide written notices to data subjects upon collection of their personal data, informing them of the
purpose, their rights, and any third-party disclosures, as required under the PDPA.

9 Contact for data privacy at Festo

Festo's data privacy organization will support you in all matters relating to data privacy at Festo. You can contact
Festo with complaints and exercise your rights as described in this privacy policy.

You can reach our data privacy organization at bess.tan@festo.com.
You may also lodge complaints with the Department of Personal Data Protection Malaysia (JPDP) at
www.pdp.gov.my.
The Festo data privacy organization will deal with your inquiries and complaints as quickly as possible. In addition
to contacting the Festo data privacy organization, you can also contact the relevant data protection supervisory
authority at any time.