Data Protection Statement

Festo (Pty) Ltd is the Responsible Party under the Protection of Personal Information Act, 2013. In this policy, the terms “we”, “us”, and “our” refer to Festo (Pty) Ltd and, where relevant, Festo Group entities that support service delivery under contract. The terms “you” and “your” refer to the Data Subject whose personal information we process. As the Responsible Party, we determine the purposes for which personal information is collected and the manner in which it is processed, and we ensure that all processing complies with the conditions for lawful processing in Chapter 3 of POPIA.

This policy applies to customers, prospective customers, website visitors, learners, suppliers, contractors, employees, and job applicants. You are regarded as a Data Subject whenever you engage with our automation products, software, services, didactic training, websites, or recruiting platforms.

For recruiting activities, SAP SuccessFactors acts as an Operator processing candidate data under our documented instructions. SAP’s listed sub-processors provide hosting and support services. We remain accountable for all Operator processing as required by section 20 of POPIA.

Your personal information is protected by law, and you have the right to know when it is collected, why it is collected, how it will be used, and with whom it will be shared where this is lawful and necessary. For example, when you are a customer we process your contact details, order and delivery data, service tickets, and payment information in order to quote, supply, commission, and support automation solutions. When you are a learner or training client, we process enrolment data, assessment results, attendance records, and certification data to deliver didactic training and issue credentials. When you are a supplier or contractor, we process your company registration details, tax details, banking details, and performance data for onboarding, compliance, and payment purposes. When you are an employee or job applicant, we process human resources and recruiting data to manage the employment relationship and to run fair and compliant recruitment processes in SuccessFactors Recruiting.

This policy also serves as our notification to you under Section 18 of POPIA. It explains the categories of personal information that we collect, the purposes for which we process your information, the manner in which we process and store information, the recipients with whom information may be shared where this is lawful and necessary, the security measures that we use to protect your information, the retention periods that apply, and whether any automated decision-making is used. Where automated screening or ranking tools are enabled in SuccessFactors, you have the right to request human review and to contest an outcome.

We process identification and contact details, business contact information, transaction and service records, technical and usage data from our websites and portals, learning records, CCTV and access logs for our premises, human resources and recruiting records, and supplier due-diligence information. We collect this personal information in order to quote, sell, deliver, commission, support, and maintain our products and services, to provide technical support and customer administration, to deliver didactic training and issue certificates, to manage supplier and employee relationships, to operate websites, portals, and analytics, and to comply with obligations under tax, labour, safety, financial, and company law.

Processing refers to any activity that involves personal information. This includes collection, receipt, storage, use, updating, sharing with authorised recipients, and secure destruction when the information is no longer required. We only process personal information on lawful grounds. These include where you have given consent, where processing is required to perform a contract, where processing is required by law, or where we or a third party have a legitimate interest such as ensuring security, preventing fraud, improving services, or carrying out quality assurance.

We may combine personal information obtained from different sources where the law allows us to do so. For example, we may combine website interactions, correspondence, service records, and global Festo systems that are operated under contract. Combined data is used only for the purposes set out in this policy.

By using our websites and portals, engaging with our teams, enrolling for training, applying for roles, or purchasing our products and services, you acknowledge that Festo South Africa processes your personal information in line with this policy and the conditions for lawful processing under POPIA.

You have a number of rights under POPIA. You have the right to request access to your personal information, to request correction of information that is inaccurate or incomplete, and to request deletion of information where the law allows. You have the right to object to the processing of your personal information on reasonable grounds, and to request that we restrict the processing of your information in specific circumstances. Where we rely on your consent, you have the right to withdraw your consent at any time, although this will not affect the lawfulness of any processing carried out before the withdrawal. Finally, you have the right to lodge a complaint with the Information Regulator of South Africa if you believe that we have contravened the protection of your personal information.

Personal information is any information that identifies you as an individual or that relates specifically to you. In terms of the Protection of Personal Information Act, 2013 (POPIA), personal information also extends to juristic persons such as companies and close corporations. This means that the personal information of our customers, learners, suppliers, contractors, service providers, employees, job applicants, and visitors to our website is protected by law.

Personal information includes a wide range of details about you. It covers your name, identity number, age, date of birth, marital status, gender, pregnancy, race, ethnic origin, national origin, colour, language, culture, social origin, conscience, belief, religion, and sexual orientation. It also includes information about your physical or mental health, any disability or well-being records, biometric data, medical history, and criminal history.

Personal information further extends to your contact and identifying details such as your residential or business address, postal address, telephone numbers, email addresses, online identifiers, location information, and any other unique identifiers linked to you. It also includes your education and employment history, your financial and tax records, and any correspondence you exchange with Festo South Africa. Your personal information may also include your views, preferences, and opinions, as well as the views or opinions of others about you.

For suppliers, service providers, and other juristic persons, personal information includes company registration details, VAT numbers, B-BBEE certificates, director information, tax compliance documentation, and banking details required for procurement, contract performance, and payment purposes.

In the context of recruitment, personal information also includes your CV, qualifications, right-to-work documentation, references, assessment results, interview notes, consent records, and SuccessFactors system metadata necessary to administer your application.

For employees and job applicants, personal information includes payroll and remuneration records, bank account details, tax numbers, UIF and provident fund contributions, emergency contact and next-of-kin details, disciplinary and grievance records, leave records, timesheets, qualifications, and training or certification records required for occupational health and safety compliance. In the context of recruitment, we may also process your CV, academic records, professional memberships, reference checks, and assessment results as part of our candidate evaluation processes in SAP SuccessFactors Recruiting.

In the course of meeting our health and safety obligations, we may also process accident and injury reports, occupational medical certificates, and medical surveillance results where this is required by law or to protect workplace safety.
When you interact with our websites, portals, or online platforms, personal information may include technical details such as your IP address, cookies, device identifiers, secure login details for customer or training portals, and your browsing activity on our website. These details allow us to provide you with access to online services, maintain the security of our systems, and improve your user experience.

As the Responsible Party, Festo South Africa is required to ensure that all personal information is collected, used, stored, shared, and safeguarded in a lawful and secure manner in full compliance with POPIA and, where applicable, the global Festo data protection framework.

The supply of certain personal information to Festo (Pty) Ltd is mandatory. This means we are required by law to collect and process specific categories of personal information in order to comply with statutory obligations. If you do not provide this mandatory information, we will not be able to meet our legal duties, and we will not be able to establish or continue a business relationship with you.

The table below links mandatory information to our main departments and relevant South African legislation:

Human Resources (HR)

• Basic Conditions of Employment Act, No. 75 of 1997;
• Labour Relations Act, No. 66 of 1995;
• Employment Equity Act, No. 55 of 1998;
• Skills Development Act, No. 97 of 1998;
• Skills Development Levies Act, No. 9 of 1999;
• Unemployment Insurance Act, No. 63 of 2001;
• Compensation for Occupational Injuries and Diseases Act, No. 130 of 1993;
• Occupational Health and Safety Act, No. 85 of 1993;
• Pension Funds Act, No. 24 of 1956;
• Children’s Act, No. 38 of 2005;
• National Minimum Wage Act(2018)
• Medical Schemes Act, No. 131 of 1998.

Finance & Tax

• Companies Act, No. 71 of 2008;
• Income Tax Act, No. 58 of 1962;
• Value-Added Tax Act, No. 89 of 1991;
• Financial Intelligence Centre Act, No. 38 of 2001;
• Financial Sector Regulation Act, No. 9 of 2017;
• Broad-Based Black Economic Empowerment Act, No. 53 of 2003

IT & Data Security

• Electronic Communications and Transactions Act, No. 25 of 2002;
• Regulation of Interception of Communications and Provision of Communication-Related Information Act, No. 70 of 2002;
• Cybercrimes Act, No. 19 of 2020;
• Protection of Personal Information Act, No. 4 of 2013

Logistics & Operations

• Occupational Health and Safety Act, No. 85 of 1993; Compensation for Occupational Injuries and Diseases Act, No. 130 of 1993;
• Consumer Protection Act, No. 68 of 2008;
• National Road Traffic Act, No. 93 of 1996;
• Machinery and Occupational Safety Amendment Act, No. 181 of 1993

Sales & Marketing

• Consumer Protection Act, No. 68 of 2008;
• Electronic Communications and Transactions Act, No. 25 of 2002;
• National Credit Act, No. 34 of 2005

Training & Didactic

• Skills Development Act, No. 97 of 1998;
• Skills Development Levies Act, No. 9 of 1999;
• National Qualifications Framework Act, No. 67 of 2008;
• Occupational Health and Safety Act, No. 85 of 1993

Governance & Legal

• Companies Act, No. 71 of 2008;
• Promotion of Access to Information Act, No. 2 of 2000;
• Protection of Personal Information Act, No. 4 of 2013;
• Competition Act, No. 89 of 1998;
• Broad-Based Black Economic Empowerment Act, No. 53 of 2003

Where the law requires us to collect this information, you are legally obliged to provide it. If you choose not to provide mandatory information, we cannot comply with our obligations, and as a result we will not be able to continue supplying products, delivering services, or maintaining a contractual or employment relationship with you.

In other cases, the supply of personal information is voluntary. This means there is no law compelling you to provide it, but we still need the information in order to provide services, respond to enquiries, deliver products, or communicate with you effectively. For example, we may request your email address to send you order confirmations, service notifications, or training certificates. We may also require your banking details to reimburse expenses or to pay suppliers, even though no statute compels us to collect this information. If you choose not to provide voluntary information, we may not be able to deliver the services or communications that you expect from us.

Whether mandatory or voluntary, all personal information that we collect is processed in accordance with POPIA and safeguarded under strict confidentiality and security standards.

For recruiting, you must supply information required by labour, immigration, and equity reporting laws, and information needed to assess suitability for employment. Optional items, such as inclusion in a talent pool or receiving job alerts, are voluntary and depend on your consent.

Festo (Pty) Ltd will only process your personal information when it is lawful to do so and where the processing is directly related to our business operations in industrial automation, engineering solutions, didactic training, and corporate administration. We process personal information strictly within the conditions for lawful processing set out in Chapter 3 of the Protection of Personal Information Act, 2013 (POPIA).

We will process your personal information in the following circumstances:

• We will process your personal information if you have given us your consent. For example, you may consent to receive product updates, newsletters, invitations to technical training courses, or other communications about our automation and didactic solutions.
• We will process your personal information if a person who is legally authorised by you, by law, or by a court has given consent on your behalf. For example, where a parent or guardian provides consent for a learner in a training program, or where an employee representative is lawfully authorised to act on behalf of a staff member.
• We will process your personal information if it is necessary to conclude or perform under a contract that we have with you. For example, when you place an order for automation components or training services, we must process your company details, delivery information, and payment details in order to deliver the products or services, provide installation or commissioning support, and issue invoices. Similarly, in the context of employment, we must process payroll data, leave records, and HR documentation in order to fulfil our contractual obligations to employees.
• We will process your personal information if a specific law requires or permits us to do so. For example, the Income Tax Act and Value-Added Tax Act require us to keep tax and VAT records; the Labour Relations Act and Basic Conditions of Employment Act require us to retain employment and disciplinary records; the Employment Equity Act requires us to process demographic information for reporting; the Occupational Health and Safety Act requires us to keep safety and incident records; and the Companies Act requires us to maintain statutory company registers and director information.
• We will process your personal information if it is required to protect or pursue your legitimate interests, our legitimate interests, or those of a third party. For example, we may share information with our insurers when processing liability or business interruption claims, with our auditors when conducting financial or compliance audits, or with legal representatives in the event of a contractual dispute. We may also share information with regulators, training authorities, or certification bodies where there is a statutory obligation or an investigation into compliance with South African legislation.

Recruiting activities are processed to take steps at your request prior to entering into a contract, to comply with legal obligations such as right-to-work and employment equity reporting, to pursue legitimate interests such as fraud prevention and system security, and on the basis of your consent for optional uses like talent pool retention and background checks where consent is the applicable ground.

In every case, we process personal information only for lawful purposes, and we apply appropriate safeguards to ensure that your information is used only in ways that are necessary, proportionate, and directly linked to our business operations.

Special personal information is a category of personal information that the Protection of Personal Information Act, 2013 (POPIA) protects with additional safeguards because of its sensitivity. It refers to information that reveals your race, ethnic origin, trade union membership, political persuasion, religious or philosophical beliefs, health, sex life, or sexual orientation. It also includes biometric information, genetic information, and any information relating to alleged or proven criminal behaviour.

At Festo (Pty) Ltd, we do not routinely collect or process special personal information from customers, suppliers, contractors, or training participants as part of our ordinary business in supplying automation products and services. This type of information will only be collected or processed where the law requires it, where you have provided explicit consent, or where it is necessary to establish, exercise, or defend a legal right or obligation.

In the context of our operations, we may process special personal information in specific situations:

• Employees and job applicants:
  We may process health information such as medical certificates for sick leave, records of workplace injuries, or occupational health surveillance results where required for compliance with the Occupational Health and Safety Act. We may also process criminal record checks where a role involves financial responsibility, integrity-sensitive positions, or regulatory screening. Trade union membership may be processed in the context of labour relations and reporting required under the Labour Relations Act and the Employment Equity Act.

• Candidates:
  Special personal information is processed only where permitted by law or with explicit consent, for example employment equity reporting or health and safety access requirements for on-site interviews.

• Training and Didactic learners:
  In limited cases, we may process health or disability information to provide reasonable accommodation during training programs or assessments. This information is processed only with your consent and for the purpose of ensuring equal access to training.

• Health and safety compliance:
  Where there are workplace accidents or injuries, we may process health-related information in compliance with the Compensation for Occupational Injuries and Diseases Act and the Occupational Health and Safety Act.

• Access control and security:
  We may process biometric information, such as CCTV footage or access control records, where this is used to safeguard our premises, protect employees, and comply with security requirements.

We do not process special personal information for sales, marketing, or general business development purposes. Where we are required to process such information, it will always be handled in strict compliance with POPIA’s requirements, and only for purposes directly linked to our contractual, statutory, or regulatory obligations.

As the Responsible Party, Festo South Africa ensures that any special personal information you provide is treated with the highest level of confidentiality and security, in line with the conditions for lawful processing under POPIA.

Festo (Pty) Ltd will only process your special personal information in limited circumstances where the law allows it, or where it is strictly necessary for our business operations in industrial automation, engineering services, training, and employment management.

We may process your special personal information in the following circumstances:

• We will process your special personal information if you have given us your explicit consent. For example, you may consent to us using health or disability information to make reasonable accommodations during training or to record medical certificates for workplace leave.
• We will process your special personal information if it is required for human resources, health, or payroll purposes. This includes medical certificates for sick leave, disability benefit applications, occupational health surveillance records, and provident or pension fund contributions that require health information.
• We will process your special personal information if it is necessary to create, exercise, or protect a right or obligation in law. For example, during disciplinary proceedings, grievance processes, workplace disputes, or litigation, we may need to use health, trade union, or criminal record information where legally justified.
• We will process your special personal information if it is required for statistical or research purposes within the company, provided that all legal safeguards under POPIA are met and the information is de-identified where possible.
• We will process your special personal information if you have deliberately made it public. For example, where you disclose your trade union membership, political affiliation, or religious beliefs in a public forum.
• We will process your special personal information if the law requires it. For example, the Occupational Health and Safety Act requires us to process information about workplace injuries, the Compensation for Occupational Injuries and Diseases Act requires us to process accident reports, and the Employment Equity Act requires us to process racial and demographic information for statutory reporting.
• We will process racial or ethnic information where this is required for compliance with the Employment Equity Act and transformation reporting.
• We will process health information where it is necessary to assess medical fitness for work, to comply with occupational health requirements, to determine insurance or benefit eligibility, or to comply with legal obligations relating to employee health and safety.

In every case, Festo South Africa ensures that special personal information is only processed where it is lawful, necessary, and directly connected to our operations. We do not process special personal information for marketing or sales purposes. All special personal information that we collect is handled with the highest degree of confidentiality and in full compliance with the conditions for lawful processing under POPIA.

In recruiting, we do not use special personal information for screening decisions unless required by law or you have given explicit consent, and you may request human review of any automated filters that rely on such information.

Festo (Pty) Ltd collects personal information from several sources. The source will always depend on the nature of our relationship with you, whether you are a customer, supplier, contractor, employee, learner in our training programs, or a visitor to our website.

We may collect personal information about you from the following sources:

• We may collect personal information directly from you. For example, when you submit an order for products, register for training, apply for employment, sign a contract, provide supporting documentation, or communicate with us through email, telephone, or in person.
• We may receive candidate data from SAP SuccessFactors, recruitment agencies, professional networking platforms, background-check providers where lawful, and referees you nominate.
• We may collect personal information from a public record. For example, we may obtain company registration details, B-BBEE certificates, or director information from the Companies and Intellectual Property Commission (CIPC) or other public regulatory databases.
• We may collect personal information from an area where you have deliberately made it public. For example, from professional profiles on LinkedIn, industry directories, or other websites where you have published your information.
• We may collect personal information based on your use of our services and platforms. For example, when you interact with our website, use customer or training portals, download technical datasheets, participate in webinars, or access communication platforms that we provide. This may include cookies, IP addresses, login credentials, and other identifiers.
• We may collect personal information based on how you engage or interact with us. For example, through your participation in training assessments, surveys, technical support calls, customer service enquiries, or through correspondence with our departments.
• We may collect personal information from a third party, provided that it is lawful to do so. For example, from recruitment agencies when you apply for a job, from suppliers or contractors providing reference details, or from training partners and certification bodies when verifying qualifications.
• We may collect personal information from another source if you have given us explicit consent. For example, if you authorise a third party such as a recruitment consultant, training provider, or insurer to share your information with us.

Festo South Africa does not use special personal information for sales, marketing, or general client interactions. Where we are required to process special personal information, strict safeguards are applied to ensure that it is collected, used, stored, and protected lawfully in accordance with POPIA.

If the law requires us to do so, Festo (Pty) Ltd will request your consent before collecting your personal information from third parties. We only collect such information where it is lawful, necessary, and directly connected to our operations in supplying automation products, delivering engineering services, providing training, and managing employment relationships.

We may collect your personal information from the following parties:

• Business partners and affiliates:

Where joint projects, product distribution agreements, or collaborative service arrangements require the exchange of information.

• Your employr, training sponsor, or representative:

Where information is necessary to administer employee training, issue certificates, provide technical support, or comply with contractual and statutory obligations.

• Attorneys, auditors, consultants, or debt collectors:

Who assist us with enforcing agreements, recovering outstanding amounts, conducting audits, or handling legal proceedings.

• Banks, payment processors, and financial institutions:

That enable us to process, verify, and reconcile supplier payments, customer transactions, or employee reimbursements.

• Insurers and brokers:

Who provide liability cover, product insurance, or employee benefit administration that requires access to certain personal information.

• Law enforcement, fraud prevention agencies, and security providers:

Where verification, compliance investigations, or fraud detection require the sharing of information.

• Regulatory authorities, industry bodies, and government departments:

Such as the South African Revenue Service (SARS), the Department of Employment and Labour, the Companies and Intellectual Property Commission (CIPC), and the Information Regulator, where reporting or compliance obligations apply.

• Training accreditation and certification bodies:

Such as SETAs and the Quality Council for Trades and Occupations (QCTO), where learner assessment and certification records must be validated.

• Trustees, executors, or curators:

Appointed by a court of law where information is required during estate administration, succession matters, or legal proceedings.

• Approved service providers and contractors:

Including IT providers, secure data processors, logistics partners, and professional consultants who assist in maintaining systems, delivering products, processing information securely, or supporting business operations.

• Courts of law, tribunals, or statutory dispute resolution forums:

Where disclosure is required during litigation, arbitration, or regulatory proceedings.

Festo South Africa will only collect personal information from third parties where it is lawful, necessary, and directly linked to our responsibilities as the Responsible Party, and where it supports our relationship with you as a customer, supplier, contractor, employee, training participant, or business partner.

Festo (Pty) Ltd processes personal information only for lawful purposes that enable us to operate effectively in supplying automation products, engineering solutions, technical services, and training, while also meeting our statutory obligations under South African law. Your personal information will be processed for the following reasons:

Customers and Clients

• To process, validate, and administer product orders, service requests, and training registrations.

• To deliver automation components, systems, and training materials to the correct address or platform.

• To provide installation, commissioning, and after-sales support for automation systems.

• To respond to your enquiries, technical support requests, and complaints.

• To provide information about our products, services, or training programs where you have consented to receive marketing in terms of section 69 of POPIA.

• To verify your identity, company registration details, and banking information to prevent fraud and ensure accurate processing.

• To fulfil contractual and statutory obligations under the Companies Act, Consumer Protection Act, Occupational Health and Safety Act, and tax legislation.

Suppliers and Contractors

• To procure products, professional services, and operational support required for our business activities.

• To verify company registration details, tax clearance, B-BBEE certificates, and payment details.

• To process contracts, invoices, and payments for goods or services rendered.

• To maintain records for audit, compliance, and contractual performance.

Employees

• To draft and maintain employment contracts, job descriptions, and personnel records.

• To manage payroll, salaries, UIF, PAYE, provident fund contributions, and other employee benefits.

• To process leave applications, timesheets, training records, and professional certifications.

• To record disciplinary proceedings, grievances, and performance management processes.

• To comply with labour legislation including but not limited to the Basic Conditions of Employment Act, the Labour Relations Act, the Employment Equity Act, the Skills Development Act, and the Occupational Health and Safety Act.

• To maintain workplace health and safety records, including medical certificates, accident reports, and occupational surveillance results.

Job Applicants

• To receive and evaluate applications for vacancies.

• To conduct shortlisting, interviews, technical assessments, and background checks.

• To verify qualifications, references, and other supporting information.

• To make recruitment and appointment decisions in line with HR policies and employment legislation.

• To retain recruitment records in accordance with labour and employment legislation.

Candidates

• To receive and manage applications through SAP SuccessFactors.

• To conduct screening, interviews, technical assessments, and reference checks where lawful.

• To verify right-to-work, qualifications, and professional memberships.

• To manage offers, pre-employment onboarding handover, and system provisioning.

• To maintain a talent pool with your consent.

• To secure the platform and prevent fraud or abuse.

Operators (Third Parties Acting on Our Behalf)

• To ensure compliance with section 20 of POPIA, which requires operators to act only on our documented instructions.

• To maintain operator agreements, service-level records, and compliance obligations.

• To enable delivery of contracted services such as IT support, secure data storage, logistics, and administrative support.

• To verify their security controls and compliance with legal and contractual requirements.

Visitors (Physical and Digital)

• To record access details for security and health and safety purposes when visiting our premises.

• To maintain visitor registers and comply with workplace access protocols.

• To process CCTV footage for security, incident investigation, and compliance purposes.

• For website visitors, to collect online identifiers, IP addresses, cookies, and login details for training or client portals in order to secure systems and provide services.

Insurance and Risk-Related Processing

• To arrange liability, business interruption, or insurance cover where necessary.

• To process and administer insurance claims relating to client disputes, workplace incidents, or liability exposures.

• To share relevant information with insurers to comply with policy requirements, risk assessments, and audit processes.

Legal, Compliance, and Reporting Obligations

• To comply with statutory reporting duties under the Companies Act, tax laws, employment legislation, and other applicable regulations.

• To respond to lawful requests from regulators, courts, or law enforcement agencies.

• To maintain internal audit, compliance, risk management, and governance processes to ensure accountability and transparency.

Festo (Pty) Ltd processes and retains personal information strictly for business purposes linked to the supply of automation products, engineering services, technical training, employment administration, and compliance with legal and regulatory requirements. Personal information may also be retained for historical, statistical, and research purposes, provided that it is used lawfully and with appropriate safeguards.

We use and retain your information for the following reasons:

• To process, validate, and administer product orders, service requests, training registrations, and related business transactions, and to ensure accurate record-keeping for future reference.
• To communicate with customers, suppliers, contractors, employees, and learners regarding deliveries, training schedules, technical support, documentation, and service outcomes.
• To comply with legislative and regulatory requirements, including obligations under the Companies Act, tax laws, labour laws, the Occupational Health and Safety Act, the Employment Equity Act, and B-BBEE reporting frameworks.
• To conduct industry-specific research and statistical analysis relating to product performance, training outcomes, service delivery timelines, and client feedback, in order to improve operational efficiency, product development, and service delivery.
• To retain accurate historical records of contracts, orders, training participation, correspondence, and engagements in order to support dispute resolution, legal proceedings, or regulatory audits.
• To develop and improve our products, digital platforms, training programs, and customer support systems by analysing usage trends and feedback received from stakeholders.
• To process and retain financial instruments such as invoices, proof of payment, supplier account records, payroll documentation, and reconciliation reports for statutory and audit purposes.
• To generate and issue HR and payroll records, payslips, tax certificates, training certificates, and related employee documentation.
• • To verify the identity and credentials of customers, suppliers, employees, and training participants for fraud prevention, compliance, and security purposes.
• • To administer insurance and risk management processes, including liability cover, workplace incident reports, and claims relating to operational or financial risks.
• To respond to enquiries, complaints, and service requests relating to customer orders, training, employment, or supplier relationships.
• To conduct surveys, collect feedback, and measure satisfaction levels from customers, learners, and employees to improve business operations and training programs.
• To assess supplier reliability, employee compliance, or customer account performance in line with industry standards and contractual requirements.
• To keep accurate historical, statistical, and research records relating to product development, market trends, training effectiveness, financial performance, and compliance across all areas of our operations.
  

Festo South Africa (Pty) Ltd will only use your personal information for direct marketing in full compliance with Section 69 of the Protection of Personal Information Act, 2013 (POPIA), applies to natural and juristic persons.

We process your personal information for marketing in the following ways:

• Existing customers and clients: If you are a current or previous customer, we send marketing about automation products, engineering solutions, training programs, or related service offerings that are the same as or similar to those you have previously purchased or used. Each marketing communication includes a clear opportunity to object or unsubscribe. You also received an opt-out at the point of data collection.
• Prospective customers and learners: If you are not yet a customer or training participant, we send electronic marketing communications, such as email or SMS, only once you have provided prior consent. We approach a non-customer once to request consent. That request identifies us, states the purpose, and offers a simple refusal route.
• Channels of communication: We contact you in person, by telephone, by post, and through electronic channels such as email and SMS. We also use social media, our website, and industry publications on and offline. Direct marketing at events includes expos, SEs, OPs, expotainer, and related roadshows. Badge scans, business-card drops, QR sign-ups, and tablet forms include a clear opt-in for electronic follow-ups. Direct messages on social platforms are sent only with consent or under the existing-customer rule for similar products or services.
• Transparency: Every marketing communication clearly identifies Festo South Africa (Pty) Ltd as the sender.
• Right to object: You can request at any time that we stop sending marketing communications. We act on your request without delay, free of charge, as required by Section 69(3) of POPIA. We maintain suppression lists to ensure objections are honoured.
• Third-party marketing: We do not share your personal information with third parties for their own independent marketing purposes. Where we run joint promotions, technical webinars, industry features, expos, SEs, OPs, or expotainer activity with partners, they act under our instructions. No independent use of your details without your prior consent.
• Cookies and targeted ads:Analytics, remarketing, and targeted advertising run only in line with your cookie choices. See Our Cookie Policy for providers and opt-outs. Your cookie preferences control whether targeted ads run.
• Children:We do not send direct marketing to minors without the consent of a competent person.
• Record-keeping: We maintain records of your marketing preferences, including when you provided or withdrew consent, objections received, and the content sent, to demonstrate compliance with POPIA.
• How to opt out or change preferences:Use the unsubscribe link in any email or the STOP instruction for SMS.You can also email the marketing team at the designated address. The mailbox is active. Marketing updates the website page to display this address prominently.

Festo (Pty) Ltd only shares your personal information when one or more of the following conditions apply. In all cases, we share information only with trusted third parties who are contractually bound to protect the information and to use it strictly for the specific purpose for which it was provided.

• Where you have consented

We will share your personal information if you authorise us to do so. For example, you may authorise us to share your information with an industry training partner, a certification body, or a logistics provider in order to deliver training, confirm qualifications, or complete a shipment.• Where it is necessary to perform a contract with youWe may share your order details, delivery information, or technical support records with logistics providers, engineering partners, or contractors to ensure the correct delivery, installation, or servicing of automation equipment.

We may provide your banking or invoicing details to authorised financial institutions to process payments.

We may share information with accredited training institutions, digital platform providers, or IT service providers who support our training and online service platforms.

HR interviewers and hiring managers, technical assessors, and panel members bound by confidentiality.

SAP SuccessFactors and its sub-processors as our Operators for recruiting technology services.

• Where required by law

We disclose information to regulators such as the South African Revenue Service (SARS) for tax and VAT compliance, the Department of Employment and Labour for employment reporting, the Companies and Intellectual Property Commission (CIPC) for company records, and the Information Regulator for POPIA compliance. We may share employee records with statutory funds such as UIF, COIDA, or pension fund administrators. We may disclose health or safety-related records where required under the Occupational Health and Safety Act or the Compensation for Occupational Injuries and Diseases Act. Background-screening and right-to-work verification bodies where screening is required or permitted.

• Where it is necessary to protect legitimate interests

We may share personal information with our legal representatives when enforcing agreements, handling disputes, or defending legal claims. We may disclose information to insurers when assessing or processing liability or business interruption claims. We may share limited data with IT security providers, fraud prevention agencies, and system administrators to safeguard our networks, platforms, and facilities against unauthorised access or fraudulent activity. Legal advisers in relation to recruitment disputes. Group HR for cross-border transfers linked to international roles.

In every case, Festo South Africa ensures that any third party receiving personal information is legally and contractually bound to maintain confidentiality, implement appropriate safeguards, and process the information only for the specific purpose for which it was provided.

Festo (Pty) Ltd operates as part of the global Festo Group. As a result, personal information may be transferred to and processed in countries outside of South Africa. Such transfers will only take place in compliance with the Protection of Personal Information Act, 2013 (POPIA), and where appropriate safeguards are in place.

We only transfer your personal information to third parties outside South Africa in the following circumstances:

• Adequate Protection

We transfer personal information where the receiving country has data protection laws that provide adequate safeguards, or where we have entered into a written agreement with the recipient requiring them to protect your information at the same or higher standard than POPIA. This is particularly relevant for transfers within the wider Festo Group to centralised systems or group entities based in the European Union, which is governed by the General Data Protection Regulation (GDPR).

• Contractual Necessity

We transfer personal information where it is required to conclude or perform a contract in your interest. For example, this may include sharing information with Festo headquarters in Germany for order fulfilment, technical support, or product development; with global IT service providers who maintain our business systems; or with international logistics partners and certification bodies to ensure delivery and recognition of training programs.

• Your Consent

We transfer personal information where you have given explicit permission for your information to be shared with a foreign third party. For example, this may occur when you request that we share your details with an international Festo entity, a training accreditation authority outside of South Africa, or a global engineering partner for a project.

• Practical Necessity

We transfer personal information where it is not reasonably practical to obtain your consent beforehand and the transfer is in your interest. For example, this may occur when arranging urgent system recovery with our international IT teams, engaging global security providers to address cyber incidents, or coordinating urgent technical support with Festo’s central engineering teams abroad.

All cross-border transfers of personal information take place within the requirements and safeguards of the law. Wherever possible, the recipient processing your personal information in another country will agree in writing to apply the same level of protection as required under POPIA. If the other country’s data protection laws provide stronger safeguards, those laws will apply.

Recruiting data processed in SAP SuccessFactors may be transferred to the European Union and other jurisdictions where SAP or Festo Group entities host or support the platform. We implement appropriate safeguards, including standard contractual clauses and group-level data protection commitments consistent with POPIA and GDPR.

Festo (Pty) Ltd implements appropriate and reasonable technical and organisational measures to protect your personal information in line with POPIA, GDPR, and industry’s best practices. These safeguards are designed to prevent loss, misuse, unauthorised access, disclosure, alteration, or destruction of personal information.

Our security measures include:

• System security and monitoring, including firewalls, intrusion detection, encryption, role-based access controls, multi-factor authentication, and logging of user activity.
• Secure storage of electronic records on protected servers and cloud platforms, with contractual security obligations imposed on all operators and service providers.
• Secure storage of physical records in access-controlled facilities with restricted authorisation for personnel.
• Physical access controls for offices, training centers, warehouses, and production facilities.
• Secure destruction and deletion of records in line with retention schedules and applicable legislation.
• Ongoing employee training and awareness programs on POPIA, GDPR, cybersecurity, and data handling obligations.
• Contractual clauses requiring all operators, contractors, and suppliers to implement equivalent safeguards when processing personal information on our behalf.
• Regular compliance reviews, audits, penetration testing, and vulnerability assessments to ensure that technical and organisational measures remain effective and up to date.

Festo (Pty) Ltd retains personal information only for as long as it is lawfully required and relevant to our operations in supplying automation products, engineering services, training programs, and employment administration. Retention periods are determined by legislation, contractual obligations, industry standards, and business requirements.

Specifically, we keep your information for the following periods and purposes:

• Legal Requirements
  Certain records, including financial, tax, and statutory information, are retained for periods prescribed by South African law such as the Companies Act, the Income Tax Act, the VAT Act, the Occupational Health and Safety Act, and labour legislation. These records are generally kept for a minimum of 5 to 7 years, and up to 40 years for occupational health and safety records.
• Contractual Obligations
  We retain personal information for the duration of your contract with us and for any additional period required to resolve disputes, enforce agreements, manage warranties, or provide after-sales support.
• Consent-Based Retention
  Where you have provided explicit consent, for example to receive marketing communications, we retain your personal information until you withdraw that consent.
• Business Purposes
  We retain customer, supplier, and training participant records for as long as is necessary to deliver products, provide technical or training services, manage financial transactions, and maintain accurate records of our business relationships.
• Statistical and Research Use
  We may keep de-identified information for historical, statistical, and research purposes. This includes analysing product performance, training outcomes, customer satisfaction, and operational efficiency.
• Industry Codes and Best Practices
  Where industry standards or ISO certifications require specific retention periods, we comply with these requirements to support regulatory reporting, risk management, and audit obligations.
• Employment-Related Records
  Employee records, payroll documentation, and workplace health and safety reports are retained in accordance with the Basic Conditions of Employment Act, the Labour Relations Act, the Occupational Health and Safety Act, and tax and UIF legislation. Recruitment records for unsuccessful applicants are retained for up to 12 months, unless a longer period is required by law or retention is based on the applicant’s consent.
• Recruiting Records
  Applications, interview notes, and assessment records are retained for 12 months after the process closes, unless law requires a longer period.
  Talent pool profiles are retained for the period stated in the consent notice and removed when consent is withdrawn. Pre-employment screening results are retained only for as long as needed to evidence the hiring decision or comply with law. Once you become an employee, recruiting records relevant to your employment move under the employee retention schedule.

Note: Certain records may be kept even after a business, training, or employment relationship has ended, where the law requires us to retain them, or where historical financial, contractual, or health and safety records remain necessary for compliance, audits, or future reference.

Use of cookies on the festo south africa website

Festo (Pty) Ltd uses cookies on its website to support functionality and improve your browsing experience when accessing information about our automation products, engineering services, and training resources.A cookie is a small data file stored on your device when you visit our website. Each cookie contains a unique identifier that enables our systems to recognise your browser, remember your preferences, and provide a secure and personalised experience. Cookies also help us protect our systems and analyse how our website is used.We use different types of cookies for different purposes:

• Functional Cookies

These cookies ensure that the website operates correctly and that you can use its essential features. They also make the site easier to use by remembering login details, basket contents, language settings, and display preferences so that you do not need to reset them every time you visit.

• Customer Portal and Online Services

Cookies enable you to log into and navigate the secure Festo portal without re-entering details. They also maintain your session during online ordering, quotation requests, and training registrations to ensure smooth transactions and data validation.

• User Preferences

Cookies remember your browsing language, location, and past interactions with our content. This ensures that catalogues, datasheets, and training schedules are displayed correctly for South African users.

• Cookies for Website Performance Analysis

We use cookies to understand how visitors use our site, which product pages are most visited, and how services are accessed. This allows us to improve website design, prioritise the content that users value, and identify technical errors. For this purpose, we rely on third-party analytics tools including:
o Google Analytics
o Hotjar
o Kameleoon
o econda Web Analytics

• Interest-Based and Targeted Cookies

These cookies help us provide you with relevant product and service information by tracking which content you have viewed. They also support advertising effectiveness by targeting specific campaigns. For this purpose, we use:
o Google Remarketing
o Bing UET (Universal Event Tracking)
o LinkedIn Insight Tag
o Eloqua (for newsletters and personalised content)

• Fraud Prevention and Security

Cookies are used to detect suspicious browsing patterns, prevent unauthorised access to secure areas of the website, and protect against potential cyber-attacks.

Retention of Cookies
Some cookies are session cookies, which are deleted when you close your browser. Others are persistent cookies, which remain on your device for a defined period (generally between 6 months and 2 years) unless deleted manually.

Managing Your Cookies
By continuing to use our website, you consent to the use of cookies as described in this policy. You may disable or block cookies through your browser settings at any time. If you block cookies, certain functions such as catalogue browsing, enquiry submissions, or secure portal access may no longer work properly.

You can also manage which categories of cookies you want to allow through the cookie controller available on our website.

Some third-party providers process cookie data outside South Africa, including in the European Union, the United States, and other jurisdictions. In these cases, Festo ensures that appropriate safeguards are in place, such as adequacy decisions under GDPR or contractual clauses requiring equivalent protection to POPIA. For further details, please see the section of this Privacy Policy on cross-border transfers.

You have the right to request access to the personal information that Festo (Pty) Ltd holds about you. This right includes:

• Confirmation that we process your personal information, such as your customer account details, order history, delivery address, or training registration records.
• A copy or description of the record containing your personal information, such as invoices, quotations, product enquiries, or technical support correspondence.
• The identity or categories of third parties who have had access to your personal information, for example logistics providers, customs clearing agents, or IT service providers that support our online portals and email systems.

We will respond to access requests within a reasonable period of time. In some cases, a reasonable fee may be charged for providing copies of records or for information relating to third-party disclosures. You will be informed of this fee before we attend to your request. Please note that certain laws may limit your right to access information, for example where records are legally privileged or subject to regulatory restrictions.

You also have the right to request us to correct or delete your personal information if it is:

• Inaccurate, irrelevant, excessive, out of date, incomplete, or misleading;
• Obtained unlawfully; or
• No longer authorised for us to retain.

Requests must be submitted in writing to our Information Officer. Changes may take up to 15 business days to reflect on our systems. For example, if you update your company registration details or VAT number, we may require supporting documentation before amending our records.

In some cases, a specific agreement may dictate how your personal information must be updated. For example, contractual documentation relating to equipment supply, warranty claims, or training certifications may require amendments to follow formal procedures.

If the law requires us to retain certain records (such as SARS-mandated tax documentation, warranty-related records, or health and safety compliance documentation), we will not delete such information upon request. Please note that deleting certain personal information, such as billing or delivery details, may prevent us from providing you with products, technical support, or training services.

For recruiting requests, contact the Information Officer or the Recruiting Privacy Contact. We acknowledge requests within 5 business days and provide outcomes within a reasonable period once identity has been verified.

You may object, on reasonable grounds, to the processing of your personal information by Festo South Africa. Objections may apply where you believe your information is being used for unnecessary direct marketing or where it is no longer relevant to the purpose for which it was collected.

We may not be able to give effect to your objection if:

• The processing of your personal information is required or permitted by law (for example, SARS record-keeping obligations, compliance with occupational health and safety legislation, or import/export regulations).
• You have provided consent to the processing and the processing is carried out in accordance with that consent.
• The processing is necessary to conclude or perform a contract with you, such as fulfilling an order, arranging delivery of equipment, or providing engineering support.

If you have previously consented to the processing of your personal information, you may withdraw that consent at any time. We will explain the consequences of withdrawal to you. For example, if you withdraw consent to receive updates about new automation solutions or training programs, you will no longer receive those communications.

Even if consent is withdrawn, we may continue to process your personal information where the law permits or requires us to do so. It may take up to 15 business days for changes to reflect on our systems, during which time your information may still be processed. All objections or withdrawals of consent must be submitted in writing to our Information Officer.

You also have the right to lodge a complaint about the processing of your personal information. Complaints can be submitted directly to us, or to the Information Regulator of South Africa at:

Email: POPIAComplaints@inforegulator.org.za

Postal Address: P.O. Box 31533, Braamfontein, Johannesburg, 2017

Physical Address: Woodmead North Office Park, 54 Maxwell Drive, Woodmead, Johannesburg, 2191.

If automated screening is applied in SuccessFactors, you may object to a decision, request an explanation of the logic at a high level, and request human review.

For any queries in relation to this letter or our processing of your persona information in general, you can contact our Information Officer and/or Deputy Information Officer at the following details:

Business Name: Festo (Pty) Ltd

Registration Number: 197300377607

Registered Office: 22 Electron Avenue, Isando, 1619.

Postal Address: P.O. Box 255, Isando, 1600.

Contact Number: 011 971 5548

Information Officer: Brett Carlyle Wallace

Deputy Information Officer: Sharlene Naidoo

Email address/es: compliance.za@festo.com