Privacy Policy

Data Privacy Notice
Last Update: July 2024

Supplyframe Inc, a Siemens company

We (meaning the specific company that has provided or referred you to this privacy notice or that is identified on this page as being the operator of this website) believe that protecting the security and privacy of your personal data is important. This Privacy Notice explains how we collect, store, use, disclose and transfer (hereinafter “process”) your personal data. The personal data that we collect about you depends on the context of your interactions with us, the products, services and features that you use, your location, and applicable law.

1.

Processing of personal data related to your use of our websites, applications and online services

Categories of personal data processed, and purpose of the processing

When visiting our external and internal websites or using our applications, or online services (each an “Online Offering”), we may process the following categories of personal data:

  • Your contact information, such as full name, work address, work telephone number, work mobile phone number and work email address;
  • Organizational information, including job position and company name;
  • Information submitted as part of a support request, survey or comment or forum post;
  • Further personal data that you provide by filling in forms in our Online Offerings; and
  • Information on your interaction with the Online Offering, including your device and user identifier, information on your operating system, sites and services accessed during your visit, the date and time of each visitor request.

We process your personal data for the following purposes:

  • To provide the Online Offering’s services and functions which includes creating and administering your online account, updating, securing, and troubleshooting, providing support, as well as improving and developing our Online Offerings;
  • To bill your use of the Online Offering;
  • To verify your identity;
  • To answer and fulfill your requests or instructions;
  • To process your order or to provide you with access to specific information or offers;
  • To contact you with information and offers concerning our products and services, to send you further marketing information or to contact you in the context of customer satisfaction surveys as explained in Section 4; and
  • As reasonably necessary to enforce the Online Offering’s terms, to establish or preserve a legal claim or defense, to prevent fraud or other illegal activities, including attacks on our information technology systems.

Online Offerings provided by your organization

Our Online Offerings may be provided to you for your use by the organization to which you belong, such as our enterprise customers. If your organization provides you with access to an Online Offering, our processing of personal data provided by or collected from you or your organization in connection with the Online Offering’s content is performed under the direction of your organization and is subject to a data processing agreement between your organization and us. In such instance, your organization is responsible for any personal data contained in such content and you should direct any questions about how personal data contained in such content is used to your organization.

2.

Processing of personal data related to your use of our marketplaces

Categories of personal data processed, and purpose of the processing

When visiting our online stores and marketplaces (each a “Marketplace”), we may process the following categories of personal data:

  • Your contact information, such as full name, work address, work telephone number, work mobile phone number and work email address;
  • Organizational information, including job position and company name;
  • Payment data, such as data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information;
  • Information submitted as part of a support request, survey or comment or forum post;
  • Further personal data that you provide by filling in forms in our Marketplace;
  • Information that are legally required compliance screenings or export control checks; such as date of birth, nationality, place of residence, ID numbers, identity cards and information about relevant and significant litigation or other legal proceedings; and
  • Information on your interaction with the Marketplace, including your device and user identifier, information on your operating system, sites and services accessed during your visit, the date and time of each visitor request.

We process your personal data for the following purposes:

  • Communicating with you about our products, services and projects, e.g. by responding to inquiries or requests or providing you with information about purchased products;
  • Planning, performing and managing the (contractual) relationship with customers, e.g. by performing transactions and orders of products or services, processing payments, performing accounting, auditing, billing and collection activities, arranging shipments and deliveries, facilitating repairs and providing support services;
  • Contacting you with information and offers concerning our products and services, sending you further marketing messages and conducting customer satisfaction surveys as explained in Section 4;
  • Maintaining and protecting the security of our products, services and websites, preventing and detecting security threats, fraud or other criminal or malicious activities;
  • Ensuring compliance with legal obligations (such as record keeping obligations), export control and customs, customer compliance screening obligations (to prevent white-collar or money laundering crimes), and our policies or industry standards; and
  • Solving disputes, enforce our contractual agreements and to establish, exercise or defend legal claims.

 

3.

Processing of personal data related to your business relationship with us

Categories of personal data processed, and purpose of the processing

In the context of the business relationship with us, we may process the following categories of personal data of consumers and contact persons at (prospective) customers, suppliers, vendors and partners (each a “Business Partner”):

  • Contact information, such as full name, work address, work telephone number, work mobile phone number and work email address;
  • Organizational information, including job position and company name;
  • Payment data, such as data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information;
  • Further information necessarily processed in a project or contractual relationship with us or voluntarily provided by the Business Partner, such as personal data relating to orders placed, payments made, requests, and project milestones;
  • Personal data collected from publicly available resources (including business and employment oriented social networks and websites), integrity data bases and credit agencies; and
  • Information that are legally required for Business Partner compliance screenings or export control checks, such as date of birth, nationality, place of residence, ID numbers, identity cards and information about relevant and significant litigation or other legal proceedings against Business Partners.

We may process the personal data for the following purposes:

  • Communicating with Business Partners about our products, services and projects, e.g. by responding to inquiries or requests or providing you with information about purchased products;
  • Planning, performing and managing the (contractual) relationship with Business Partners; e.g. by performing transactions and orders of products or services, processing payments, performing accounting, auditing, billing and collection activities, arranging shipments and deliveries, facilitating repairs and providing support services;
  • To create a personal profile containing business-related information on interactions between you and us with the aim of being able to offer you and the company you work for relevant information and suitable offers for our services and products and to improve our personal communication with you;
  • Administrating and performing market analysis, sweepstakes, contests, or other customer activities or events;
  • Contacting you with information and offers concerning our products and services, sending you further marketing messages and conducting customer satisfaction surveys as explained in Section 4;
  • Maintaining and protecting the security of our products, services and websites, preventing and detecting security threats, fraud or other criminal or malicious activities;
  • Ensuring compliance with legal obligations (such as record keeping obligations), export control and customs, Business Partner compliance screening obligations (to prevent white-collar or money laundering crimes), and our policies or industry standards; and
  • Solving disputes, enforce our contractual agreements and to establish, exercise or defend legal claims.

 

4.

Processing of personal data for customer satisfaction surveys and for direct marketing

Where and as permitted under applicable law, we may process your contact information for direct marketing purposes (e.g. trade show invitations, newsletters with further information and offers concerning our products and services) and to carry out customer satisfactions surveys, in each case also by e-mail. You may object to the processing of your contact data for these purposes at any time by writing to privacy@supplyframe.com or by using the opt-out mechanism provided in the respective communication you received.

5.

Processing of personal data related to your job application

When you apply for a job, we process your personal data as set out in the privacy notice of the Siemens Recruiting Portal [Link to https://new.siemens.com/global/en/company/jobs.html] or of the respective other recruiting platform you may use.

6.

Transfer and disclosure of personal data

We only transfer your personal data as described below:

  • Affiliated Companies and sales partners
    For the purpose of and to the extent necessary to conduct our business relationship with you, we may share your personal data with affiliates and other third parties (e.g., sales partners and agents). We, for example, sell certain products and services only via local business relationships and in this case, we may transfer your personal data to our respective local affiliates or other sales partners conducting the business relationship with you.
  • Transactions on our Marketplaces
    Via our Marketplaces we make available products, services and offerings of affiliates and other third parties. We share customers' personal data related to those transactions with that affiliate and/or third party.
  • Service Providers
    We employ affiliates and other companies to perform functions on our behalf, such as IT-services or payment processing services. These affiliates and other companies process personal data only for the purpose of such services.
  • Other third parties
    We may transfer personal data to other third parties in connection with complying with legal obligations or establishing, exercising or defending rights or claims (e.g., for court and arbitration proceedings, to regulators, law enforcement and government authorities, to attorneys and consultants). Further, we may share your personal data with third parties for the purposes of analytics and advertising.

The recipients of your personal data may be located outside of the country in which you reside. Personal data published by you on Online Offerings (such as chat rooms or forums) may be globally accessible to other registered users of the respective Online Offering.

7.

Retention periods

Unless indicated otherwise at the time of the collection of your personal data (e.g. within a form completed by you), we erase your personal data if the retention of that personal data is no longer necessary for the purposes for which they were collected or otherwise processed, or to comply with legal obligations (such as retention obligations under tax or commercial laws).

8.

Your rights

The data protection laws in the jurisdiction in which you reside may entitle you to specific rights in relation to your personal data.

In particular, and subject to the legal requirements, you may be entitled to

  • Obtain from us confirmation as to whether or not personal data concerning you are being processed, and where that is the case, access to the personal data;
  • Obtain from us the correction of inaccurate personal data concerning you;
  • Obtain from us the erasure of your personal data;
  • Obtain from us restriction of processing regarding your personal data;
  • Data portability concerning personal data, which you actively provided;
  • Object, on grounds relating to your particular situation, to further processing of personal data concerning you; and
  • Withdraw your consent to our processing of your personal data.

 

9.

Security

To protect your personal data against accidental or unlawful destruction, loss, use, or alteration and against unauthorized disclosure or access, we use adequate physical, technical and organizational security measures.

10.

Data privacy contact

Our Data Privacy Organization provides support with any data privacy related questions, comments, concerns or complaints or in case you wish to exercise any of your data privacy related rights. The Data Privacy Organization may be contacted at: dataprotection@siemens.com.

The Data Privacy Organization will always use reasonable efforts to address and settle any requests or complaints you bring to its attention. Besides contacting the Data Privacy Organization, you always have the right to approach the competent data protection authority with your request or complaint.

11.

Processing under the EU’s General Data Protection RegulationThis section applies and provides you with further information if your personal data is processed by one of our companies located in the European Economic Area.

Data Controller

Online Offerings
The specific company identified in the Online Offering as being the operator of the Online Offering is the
data controller
in the meaning of the General Data Protection Regulation for the processing activities described in this Privacy Notice.

Marketplaces
The specific company identified on the Market Place as being the operator of the Marketplace is the data controller.

Business Partner personal data in Customer Relationship Systems
In the course of our business relationship with you, we may share Business Partner contact information with affiliated companies. We and these affiliated companies are jointly responsible for the proper protection of your personal data (Art. 26 General Data Protection Regulation).

To allow you to effectively exercise your data subject rights in the context of this joint controllership, we entered into an agreement with these Siemens companies granting you the right to centrally exercise your data subject rights under section 8 of this Privacy Notice against Siemens AG.

To exercise your rights, you may reach out to: dataprotection@siemens.com.

Legal basis of the processing

The General Data Protection Regulation requires us to provide you with information on the legal basis of the processing of your personal data.

The legal basis for our processing data about you is that such processing is necessary for the purposes of

  • exercising our rights and performing our obligations under any contract we make with you (Article 6 (1)
    (b) General Data Protection Regulation) (“Contract Performance”);
  • Compliance with our legal obligations (Article 6 (1) (c) General Data Protection Regulation) (“Compliance with Legal Obligations”); and/or
  • Legitimate interests pursued by us (Article 6 (1) (f) General Data Protection Regulation) (“Legitimate Interest”). Generally, the legitimate interest pursued by us in relation to our use of your personal data is the efficient performance or management of (i) your use of the Online Offerings, and/or (ii) our business relationship with you. Where the below table states that we rely on our legitimate interests for a given purpose, we are of the opinion that our legitimate interest is not overridden by your interests and rights or freedoms, given (i) the regular reviews and related documentation of the processing activities described herein, (ii) the protection of your personal data by our data privacy processes, including our Binding Corporate Rules on the Protection of Personal Data, (iii) the transparency we provide on the processing activity, and (iv) the rights you have in relation to the processing activity. If you wish to obtain further information on this balancing test approach, please contact our Data Privacy Organization at: dataprotection@siemens.com.

In some cases, we may ask if you consent to the relevant use of your personal data. In such cases, the legal basis for us processing that data about you may (in addition or instead) be that you have consented (Article 6 (1) (a) General Data Protection Regulation) (“Consent”).

Purpose Legal Basis
Processing of personal data in the context of Online Offerings
To provide the Online Offering’s services and functions which includes creating and administering your online account, updating, securing, and troubleshooting, providing support, as well as improving and developing our Online Offerings, Contract Performance (Article 6 (1) (b) General Data Protection Regulation)
Legitimate Interest (Article 6 (1) (f) GDPR)
To bill your use of the Online Offering Contract Performance (Article 6 (1) (b) General Data Protection Regulation)
Legitimate Interest (Article 6 (1) (f) GDPR
To verify your identity Contract Performance (Article 6 (1) (b) GDPR)
Legitimate Interest (Article 6 (1) (f) GDPR)
To answer and fulfill your requests or instructions Contract Performance (Article 6 (1) (b) GDPR)
Legitimate Interest (Article 6 (1) (f) GDPR)
To process your order or to provide you with access to specific information or offers Contract Performance (Article 6 (1) (b) GDPR)
Legitimate Interest (Article 6 (1) (f) GDPR)
To send you marketing information or to contact you in the context of customer satisfaction surveys as further explained in Section 4 Consent, if voluntarily provided (Article 6
(1) (a) GDPR)
Legitimate Interest (Article 6 (1) (f) GDPR)
As reasonably necessary to enforce the Online Offering’s terms, to establish or preserve a legal claim or defense, to prevent fraud or other illegal activities, including attacks on our information technology systems Compliance with Legal Obligations
(Article 6 (1) (c) GDPR
Legitimate Interest (Article 6 (1) (f) GDPR)
Processing of personal data related to your use of marketplaces and/or business relationship with us
Communicating about our products, services and projects,
e.g. by responding to inquiries or requests or providing you with technical information about purchased products
Contract Performance (Article 6 (1) (b) GDPR)
Legitimate Interest (Article 6 (1) (f) GDPR)
Planning, performing and managing the (contractual) relationship; e.g. by performing transactions and orders of products or services, processing payments, performing accounting, auditing, billing and collection activities,
arranging shipments and deliveries, facilitating repairs and providing support services;
Contract Performance (Article 6 (1) (b) GDPR)
Compliance with Legal Obligations
(Article 6 (1) (c) GDPR)
To create a personal profile containing business-related information on interactions between you and us with the aim of being able to offer you and the company you work for relevant information and suitable offers for our services
and products and to improve our personal communication with you
Legitimate Interest (Article 6 (1) (f) GDPR)
Administrating and performing market analysis, sweepstakes, contests, or other customer activities or events; Consent, if voluntarily provided (Article 6
(1) (a) GDPR)
Legitimate Interest (Article 6 (1) (f) GDPR)
Conducting customer satisfaction surveys and direct marketing activities as further explained in Section 4; Consent, if voluntarily provided (Article 6
(1) (a) GDPR)
Legitimate Interest (Article 6 (1) (f) GDPR)
Maintaining and protecting the security of our products,
services and websites, preventing and detecting security threats, fraud or other criminal or malicious activities;
Legitimate Interest (Article 6 (1) (f) GDPR)
Ensuring compliance with legal obligations (such as record keeping obligations), export control and customs, business partner compliance screening obligations (to prevent white- collar or money laundering crimes), and our policies or industry standards; and Compliance with Legal Obligations
(Article 6 (1) (c) GDPR)
Legitimate Interest (Article 6 (1) (f) GDPR)
Solving disputes, enforce our contractual agreements and to establish, exercise or defend legal claims. Compliance with Legal Obligations
(Article 6 (1) (c) GDPR)
Legitimate Interest (Article 6 (1) (f) GDPR)
Processing of personal data for customer satisfaction surveys and for direct marketing
Processing of your contact information for direct marketing purposes (e.g. trade show invitations, newsletters with further information and offers concerning our products and services) and to carry out customer satisfactions surveys Consent, if voluntarily provided (Article 6
(1) (a) GDPR)
Legitimate Interest (Article 6 (1) (f) GDPR)

International data transfers

In the event that we transfer your personal data outside the European Economic Area, we ensure that your data is protected in a manner which is consistent with the General Data Protection Regulation. Therefore, and if required by applicable law, we take the following measures:

  • We share your personal data with affiliated companies outside the European Economic Area only if they have implemented our Binding Corporate Rules („BCR“) for the protection of personal data. Further information about the BCR can be found here.
  • We transfer personal data to external recipients outside the European Economic Area only if the recipient has (i) entered into EU Standard Contractual Clauses with us, or (ii) implemented Binding Corporate Rules in its organization. You may request further information about the safeguards implemented in relation to specific transfers by contacting dataprotection@siemens.com.

Your competent data protection authority

In case of data privacy related concerns and requests, we encourage you to contact our Data Privacy Organization at dataprotection@siemens.com. Besides contacting the Data Privacy Organization, you always have the right to approach the competent data protection authority with your request or complaint.

A list and contact details of local data protection authorities is available here.

12.

Processing under the Brazilian General Data Protection Law

This section applies and provides you with further information if the processing by one of our companies (i) occurs in Brazilian territory, (ii) concerns the data of individuals located in Brazilian territory, (iii) comprises personal data collected in Brazilian territory or (iv) has as its objective the offer or supply of goods or services to individuals located in Brazilian territory. In these cases the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados - LGPD) applies to the processing of your personal data and the following additions and/or deviations apply to sections 2, 5, 6, 9, of this Data Privacy Notice:

Retention Periods

As allowed under article 16 of LGPD we may retain your personal data to comply with legal or regulatory obligations (such as retention obligations under tax or commercial laws), during the legal statute of limitation period, or for the regular exercise of rights in judicial, administrative or arbitration proceedings.

Your rights

Additionally to the rights mentioned in this Data Privacy Notice, you are entitled under LGPD to:

  • In case you understand your data is not being processed in accordance with the applicable data protection law or in an excessive way, request us to anonymize, block or delete unnecessary or excessive personal data or;
  • Request information regarding the public and/or private entities we shared your personal data with;
  • Be informed about the possibility of not giving your consent to process your data and the consequences of not giving the consent in case we request your consent to process your data;
  • Revoke at any time your consent to our processing of your personal data in case we request your consent to process your data

Legal basis of the processing

The Brazilian General Data Protection Law requires us to provide you with information on the legal basis of the processing of your personal data.

The legal basis for our processing is:

  • Article 7 V LGPD (“Contract Performance”);
  • Article 7 II LGPD (“Compliance with Legal Obligations”);
  • Article 10 I and II LGPD (“Legitimate Interest”).
  • Article 7 I LGPD (“Consent”).

International transfers

Following the LGPD requirements defined in the Article 33 of Brazilian General Data Protection Law, in the event that we transfer your personal data outside the Brazilian territory, we ensure that your data is protected in a manner which is consistent with the Brazilian General Data Protection Law, we will follow the applicable law and decisions imposed by the proper authority.

Your competent data protection contact
If this section applies, you may also contact our Brazilian Data Privacy Organization at dataprivacy.br@siemens.com.

13.

Processing under Canadian privacy laws

Each Siemens company established in Canada (“Siemens in Canada Entity”) maintains your personal data on secure servers that are accessible to authorized employees, representatives or agents who require access for the purposes descried in this privacy notice.

Residents of Québec: Please note that your personal data could be communicated outside of the Province of Québec (i.e., extra-provincially/territorially and outside of Canada).

If you have any questions about how a Siemens in Canada Entity processes your personal data, including with respect to its use of service providers outside of Canada, or if you would like to exercise any of your rights in respect of your personal data under the control of a Siemens in Canada Entity, you may contact the Siemens in Canada Privacy Officer at dataprivacy.ca@siemens.com.

14.

Processing under People’s Republic of China Personal Information Protection Law

This section applies and provides you with further information if the processing by one of our companies is located within the borders of People’s Republic of China (“PRC”) or concerns the data of individuals within the borders of PRC.

Processing of sensitive personal information

According to the PIPL, sensitive personal information means personal information that, once leaked or illegally used, may easily cause harm to the dignity of natural persons grave harm to personal or property security, including information on biometric characteristics, religious beliefs, specially-designated status,
medical health, financial accounts, individual location tracking, etc. as well as the personal information of minors under the age of 14.

In addition to the payment data mentioned in section 2 of this Data Private Notice, we will, in principle, not process your sensitive personal information. In case your sensitive personal information will be processed, we will notify you about the necessity of processing and effects on the individual’s rights and interests, and obtain your specific consent if applicable.

Transfer and disclosure of personal data

Following the requirements defined in the Article 23 of PIPL, additionally to the contents mentioned in section 4, we, in principle, will not transfer or share your personal information to third party controllers, unless (1) obtain your specific consent if applicable, or (2) to fulfill the statutory duties under local laws and regulations.

In the event of any reorganization (including the establishment of new, locally incorporated entities in China and the transfer of existing businesses in China to such new locally incorporated entities), merger, sale, liquidation, joint venture, assignment, transfer or other disposition of all or part of our business (including in connection with any bankruptcy or similar proceedings) involving the transfer of personal data, we will ask the new company or organization holding your personal data to continue to process your personal data in accordance with this Privacy Notice. If the new company or organization holding your personal data needs to use your personal data for purposes not stated in this Privacy Notice, the new company or organization will obtain your consent, unless otherwise provided by the applicable laws and regulations.

International Transfer

You acknowledge that your data will be transferred and proceed outside of PRC. We will follow the applicable laws and decisions imposed by the competent authority, and ensure that your data is protected in a manner which is consistent with the PRC Personal Information Protection Law. If you or the company you work for is a Business Partner, please be aware that Siemens is a multi-national company, and for the purpose of concluding or fulfilling the contract/agreement with you or the company you work for, you understand and agree that we may transfer your personal information to foreign affiliated companies.

Legal Basis of the processing

The PIPL requires us to provide you with information on the legal basis of the processing of your personal data.

The legal basis for our processing is:

  • PIPL Article 13(2) (“Contract Performance”);
  • PIPL Article 13(3) (“Statutory duties and responsibilities”)
  • PIPL Article 13(6) (“Process publicly available data”);
  • PIPL Article 13(1) (“Consent”)

Usage by Children

This Online Offering is not directed to children under the age of fourteen (14). We will not knowingly collect personal data from children under the age of fourteen (14) without prior parental consent if required by applicable law. We will only use or disclose personal data about a child to the extent permitted by law, to seek parental consent, pursuant to local law and regulations or to protect a child.

15.

Processing under South Africa’s Protection of Personal Information Act

For Business Partners and users located in South Africa, please take note of the following:

In terms of section 1 of the Protection of Personal Information Act, 2013 (“POPI”), “personal data” or “personal information” includes “information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing, juristic person.”

The corresponding legal grounds and conditions for lawful processing of personal data in South Africa are contained in Sections 8 to 25 of POPI, and relate to “Accountability”; “Processing limitation”; “Purpose specification”; “Further processing limitation”; “Information quality”; “Openness”; “Security safeguards” and “Data subject participation”.

In terms of section 69 of POPI, the processing of personal information of a data subject for the purposes of direct marketing by means of any form of electronic communication, including automatic calling machines, facsimile machines, sms’s or e-mail is prohibited unless the data subject has provided consent to the processing, or is, subject to further conditions, an existing customer of the responsible party.

For purposes of a Data Subject exercising its rights further enquiries and the exercise of its rights in relation to access, objection to, and complaints in respect of the processing of personal data, the contact particulars of the Information Regulator of South Africa, are as follows:

            JD House, 27 Stiemens Street Braamfontein
            Johannesburg 2001

            PO Box 31533
            Braamfontein Johannesburg 2017

            Complaints: complaints.IR@justice.gov.za
            General enquiries: inforeg@justice.gov.za
16.

Processing under Swiss Data Protection Law

Every data subject has the right to enforce her/his rights in court or to lodge a complaint with the competent data protection authority. The competent data protection authority of Switzerland is the Federal Data Protection and Information Commissioner (Homepage (admin.ch)).

17.

Processing under the United Kingdom’s Data Protection Act 2018 and the UK GDPR

This section applies and provides you with further information if your personal data is processed by one of our companies located in the United Kingdom under the Data Protection Act 2018 and/or the UK GDPR (meaning Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018).

Data Controller

The specific company identified on this page as being the operator of this website is the data controller in the meaning of the UK GDPR for the processing activities described in this Privacy Notice.

In the course of our business relationship with you, we may share Business Partner contact information with affiliated Siemens companies. We and these Siemens companies are jointly responsible for the proper protection of your personal data (Art. 26 UK GDPR). To allow you to effectively exercise your data subject rights in the context of this joint controllership, we entered into an agreement with these Siemens companies granting you the right to centrally exercise your data subject rights under section 7 of this Privacy Notice against Siemens Aktiengesellschaft, Germany.

To exercise your rights, you may reach out to: dataprotection@siemens.com.

Legal basis of the processing

The UK GDPR requires us to provide you with information on the legal basis of the processing of your personal data.

The legal basis for our processing data about you is that such processing is necessary for the purposes of

  • exercising our rights and performing our obligations under any contract we make with you (Article 6 (1)
    (b) UK GDPR) (“Contract Performance”);
  • Compliance with our legal obligations (Article 6 (1) (c) UK GDPR) (“Compliance with Legal Obligations”); and/or
  • Legitimate interests pursued by us (Article 6 (1) (f) UK GDPR) (“Legitimate Interest”). Generally, the legitimate interest pursued by us in relation to our use of your personal data is the efficient performance or management of (i) your use of the Online Offerings, and/or (ii) our business relationship with you. Where the below table states that we rely on our legitimate interests for a given purpose, we are of the opinion that our legitimate interest is not overridden by your interests and rights or freedoms, given (i) the regular reviews and related documentation of the processing activities described herein, (ii) the protection of your personal data by our data privacy processes, (iii) the transparency we provide on the processing activity, and (iv) the rights you have in relation to the processing activity. If you wish to obtain further information on this balancing test approach, please contact our Data Privacy Organization at: dataprotection@siemens.com.

In some cases, we may ask if you consent to the relevant use of your personal data. In such cases, the legal basis for us processing that data about you may (in addition or instead) be that you have consented (Article 6 (1) (a) UK GDPR) (“Consent”).

Purpose Legal Basis
Processing of personal data in the context of Online Offerings
To provide the Online Offering’s services and functions which includes creating and administering your online account, updating, securing, and troubleshooting, providing support, as well as improving and developing our Online Offerings, Contract Performance (Article 6 (1) (b) UK GDPR)
Legitimate Interest (Article 6 (1) (f) UK GDPR)
To bill your use of the Online Offering Contract Performance (Article 6 (1) (b) UK GDPR)
Legitimate Interest (Article 6 (1) (f) UK GDPR)
To verify your identity Contract Performance (Article 6 (1) (b) UK GDPR)
Legitimate Interest (Article 6 (1) (f) UK GDPR)
To answer and fulfill your requests or instructions Contract Performance (Article 6 (1) (b) UK GDPR)
Legitimate Interest (Article 6 (1) (f) UK GDPR)
To process your order or to provide you with access to specific information or offers Contract Performance (Article 6 (1) (b) UK GDPR)
Legitimate Interest (Article 6 (1) (f) UK GDPR)
To send you marketing information or to contact you in the context of customer satisfaction surveys as further explained in Section 4 Consent, if voluntarily provided (Article 6
(1) (a) UK GDPR)
Legitimate Interest (Article 6 (1) (f) UK GDPR)
As reasonably necessary to enforce the Online Offering’s terms, to establish or preserve a legal claim or defense, to prevent fraud or other illegal activities, including attacks on our information technology systems Compliance with Legal Obligations
(Article 6 (1) (c) UK GDPR)
Legitimate Interest (Article 6 (1) (f) UK GDPR)
Processing of personal data related to your use of Siemens marketplaces and/or business relationship with us
Communicating about our products, services and projects, e.g. by responding to inquiries or requests or providing you with technical information about purchased products Contract Performance (Article 6 (1) (b) UK GDPR)
Legitimate Interest (Article 6 (1) (f) UK GDPR)
Planning, performing and managing the (contractual) relationship; e.g. by performing transactions and orders of products or services, processing payments, performing accounting, auditing, billing and collection activities, arranging shipments and deliveries, facilitating repairs and providing support services; Contract Performance (Article 6 (1) (b) UK GDPR)
Compliance with Legal Obligations
(Article 6 (1) (c) UK GDPR)
To create a personal profile containing business-related information on interactions between you and Siemens with the aim of being able to offer you and the company you work for relevant information and suitable offers for Siemens services and products and to improve our personal communication with you Legitimate Interest (Article 6 (1) (f) UK GDPR)
Administrating and performing market analysis, sweepstakes, contests, or other customer activities or events; Consent, if voluntarily provided (Article 6
(1) (a) UK GDPR)
Legitimate Interest (Article 6 (1) (f) UK GDPR)
Conducting customer satisfaction surveys and direct marketing activities as further explained in Section 4; Consent, if voluntarily provided (Article 6
(1) (a) UK GDPR)
Legitimate Interest (Article 6 (1) (f) UK GDPR)
Maintaining and protecting the security of our products, services and websites, preventing and detecting security threats, fraud or other criminal or malicious activities; Legitimate Interest (Article 6 (1) (f) UK GDPR)
Ensuring compliance with legal obligations (such as record keeping obligations), export control and customs, Business Partner compliance screening obligations (to prevent white-
collar or money laundering crimes), and our policies or industry standards; and
Compliance with Legal Obligations
(Article 6 (1) (c) UK GDPR)
Legitimate Interest (Article 6 (1) (f) UK GDPR)
Solving disputes, enforce our contractual agreements and to establish, exercise or defend legal claims. Compliance with Legal Obligations
(Article 6 (1) (c) UK GDPR)
Legitimate Interest (Article 6 (1) (f) UK GDPR)
Processing of personal data for customer satisfaction surveys and for direct marketing
Processing of your contact information for direct marketing purposes (e.g. trade show invitations, newsletters with further information and offers concerning our products and services) and to carry out customer satisfactions surveys Consent, if voluntarily provided (Article 6
(1) (a) UK GDPR)
Legitimate Interest (Article 6 (1) (f) UK GDPR)

International data transfers

In the event that we transfer your personal data outside the United Kingdom, we ensure that your data is protected in a manner which is consistent with the UK GDPR. Therefore, and if required by applicable law, we take the following measures:

We transfer personal data to recipients outside the United Kingdom only if the recipient has (i) entered into UK Standard Contractual Clauses with us, or (ii) implemented Binding Corporate Rules in its organization. You may request further information about the safeguards implemented in relation to specific transfers by contacting dataprotection@siemens.com.

Your competent data protection authority

In case of data privacy related concerns and requests, we encourage you to contact our Data Privacy Organization at dataprotection@siemens.com. Besides contacting the Data Privacy Organization, you always have the right to approach the competent data protection authority with your request or complaint.

A list and contact details of local data protection authorities is available here.

18.

Further information for US residents

If you are a U.S. resident, then please take note of the following:

Do Not Track

At this time our Online Offerings do not recognize or respond to “Do Not Track” browser signals. For more information on “Do Not Track”, please visit your browser’s support page.

Usage by Children

This Online Offering is not directed to children under the age of thirteen. We will not knowingly collect personal data from children under the age of thirteen without insisting that they seek prior parental consent if required by applicable law. We will only use or disclose personal data about a child to the extent permitted by law, to seek parental consent, pursuant to local law and regulations or to protect a child.

Opt-Out Preference Signals

Your browser may have settings that allow it to send Opt-Out Preference Signals, which would indicate your intent that we not sell or share personal data collected online. Our internet websites are configured to process such Opt-Out Preference Signals in a frictionless manner. You may consult your browsers settings to implement Opt-out Preference Signals.

State Rights

Depending on the US state in which you reside, you may have special rights with respect to your personal data. For information regarding any of those rights, please click here.

19.

Further information for Siemens employees
Further Siemens-internal privacy notices are available in the footer information in the Siemens Intranet (Siemens Intranet access required).

 

Link to the previous Privacy Policy updated on May 17, 2018