Under the European Union General Data Protection Regulation (EU-GDPR), all data subjects have the following rights in relation to the processing of their personal data:
The right of access and right to erasure are subject to the limitations set out in §§ 34 and 35 of the German Federal Data Protection Act (BDSG). Furthermore, you have the right to complain to a responsible data protection supervisory body (Art. 77 of the GDPR and § 19 of the BDSG) if you believe that the processing of your personal data breaches the legal regulations.
In the context of our joint activities, you must provide us with the personal data that we require to accept and perform the relevant activity and to fulfil the associated contractual obligations or that we are required to collect by law. Without this data, we will generally be unable to enter into a contract with you, fulfil our obligations under our contract or provide you with our services.
The departments at Festo that are given access to your data are the departments that require access to enable us to fulfil our contractual and legal obligations (such as call centre services, customer administration, document processing, logistics, IT/application maintenance, etc.). Service providers and agents working on our behalf may also receive your data for the purposes outlined above; such third parties are subject to an agreement to maintain confidentiality. We also employ contractors in various departments (such as IT, HR, finance, sales, etc.).
All data exchanged within our Group is subject to our binding corporate rules on data protection.
A list of companies in our Group is available here:
Your data may also be transferred to other parties with whom you have granted your express consent for your data to be shared. Please note that you may have provided consent directly to Festo or to another external intermediary.
In relation to passing information to recipients outside of Festo, we are contractually obliged to maintain the confidentiality of all customer-related information and feedback of which we become aware in the course of our business activity. We may only share information we hold on you when required by law or when you have provided your consent for us to do so. When data is transferred to external parties in third-party countries (outside the EU), we will ensure that these countries satisfy the same standards as the EU.
For the USA, the EU Commission has decided (in its resolution of 12.07.2016) that the EU-U.S. Privacy Shield regulations provide adequate data protection (adequacy decision, Art. 45 of the GDPR). Further information can be found at: https://www.privacyshield.gov
We will process and store your personal data for as long as required to fulfil our pre-contractual, contractual and legal obligations. Data that is no longer required to fulfil our contractual or legal obligations is deleted on a regular basis, unless (limited) further processing is required for the following purposes: