REMECH data privacy notice

Categories of Data and Purpose of Processing

When using our marketplaces (each referred to as a “Marketplace”), we process the following categories of personal data:

• Your contact information, such as first and last name, business address, business phone number, business mobile number, and business email address
• Organizational information, including position and company name
• Payment data, such as information required for processing payments or fraud prevention, including credit card details and verification codes
• Other personal data you provide in contact and other forms on a Marketplace
• Information you provide in support requests, surveys, comments, or forum posts
• Information legally required for compliance and export control screenings, such as date of birth, nationality, residence, ID numbers, and details of relevant legal proceedings
• Automatically collected data during Marketplace use, such as device and user identifiers, operating system details, pages and services accessed, and the date and time of user requests

We process your personal data for the following purposes:

• Communication with you regarding our services and products, e.g., to respond to inquiries or provide technical product information
• Planning, execution, and management of the (contractual) business relationship, e.g., to process product and service orders, collect payments, for accounting and billing purposes, and to carry out deliveries, maintenance, or repairs
• Contacting you with information and offers about our products and services and conducting further marketing activities and customer satisfaction surveys as described in Section 4
• Maintaining and protecting the security of our products, services, and websites, preventing and detecting security risks, fraudulent behavior, or other criminal or harmful actions
• Compliance with legal requirements (e.g., tax and commercial retention obligations), obligations to conduct compliance screenings (to prevent economic crime or money laundering), and adherence to our policies and industry standards

Resolving legal disputes, enforcing existing contracts, and asserting, exercising, and defending legal claims

Categories of Data and Purpose of Processing

In the context of cooperation with business partners, we process personal data of end users and contact persons at customers, prospects, distributors, suppliers, and partners (each referred to as a “Business Partner”):

• Contact information, such as first and last name, business address, business phone number, business mobile number, and business email address
• Organizational information, including position and company name
• Payment data, such as information required for processing payment transactions or fraud prevention, including credit card details and verification codes
• Additional information required for the execution of a project or contractual relationship with us, or voluntarily provided by business partners, e.g., in the context of orders, inquiries, or project details
• Personal data obtained from publicly available sources (including corporate or professional social networks and websites), information databases, or credit agencies
• Information legally required for compliance and export control screenings, such as date of birth, nationality, residence, ID numbers, and details of relevant legal proceedings and other disputes involving business partners

We process personal data for the following purposes:

• Communication with business partners regarding products, services, and projects, e.g., to respond to inquiries or provide technical product information
• Planning, execution, and management of the (contractual) business relationship between the business partner and us, e.g., to process product and service orders, collect payments, for accounting and billing purposes, and to carry out deliveries, maintenance, or repairs
• Creation of a personal profile with business-related information about interactions between you and us, with the aim of offering you and the company you work for relevant information and suitable offers for services and products, and improving our personal communication with you
• Conducting market analyses, sweepstakes, competitions, or similar campaigns and events
• Contacting you with information and offers about our products and services and conducting further marketing activities and customer satisfaction surveys as described in Section 4
• Maintaining and protecting the security of our products and services as well as our websites, preventing and detecting security risks, fraudulent behavior, or other criminal or harmful actions
• Compliance with legal requirements (e.g., tax and commercial retention obligations), obligations to conduct compliance screenings (to prevent economic crime or money laundering), and adherence to our policies and industry standards
• Resolving legal disputes, enforcing existing contracts, and asserting, exercising, and defending legal claims

• In accordance with applicable laws, we may use your contact details for direct marketing purposes (e.g., trade fair invitations, newsletters with information and offers about our products and services) and to conduct customer satisfaction surveys, including via email.
• You have the right to object to the use of your contact details for these purposes at any time by sending an email to datenschutz(at)remech.de or by using the opt-out option provided in the message you received.

If you apply for an open position with us, we process your personal data as described in the privacy policy of the Siemens Recruiting Portal:

www.siemens.com/global/en/company/jobs.html

We only transfer your personal data as described below:

• Group Companies and Sales Partners

To the extent necessary for conducting our business relationship with you, we transfer your personal data to our group companies and other third parties (e.g., sales partners and representatives). For example, we distribute certain products and services exclusively through local business relationships, and in such cases, we transfer your personal data to our respective local group companies or other sales partners who manage the business relationship with you.

• Transactions on Our Marketplaces

Through our marketplaces, we also offer products, services, and offers from our group companies and other third parties. We transfer personal data of our customers in connection with these transactions to the respective group company and/or other third parties.

• Service Providers

We engage group companies and other companies to perform tasks on our behalf, such as IT services or payment processing. These group companies and other companies process personal data solely for the purpose of the commissioned services.

• Other Third Parties

We transfer personal data in connection with fulfilling legal obligations or establishing, exercising, or defending rights or claims to other third parties (e.g., for court and arbitration proceedings, to regulatory, law enforcement, and government authorities, to lawyers and consultants).

Recipients of your personal data may be located outside the country in which you reside. Personal data that you publish via online offerings (e.g., in chat rooms or forums) may be accessible worldwide to other registered users of the respective online offering.

Unless a specific retention period is explicitly stated at the time of data collection (e.g., in a consent declaration), your personal data will be deleted once it is no longer required to fulfill the purpose of storage, unless legal retention obligations (e.g., commercial and tax-related retention requirements) prevent deletion.

Under applicable data protection law, you may have the right to:

• Request confirmation as to whether we process personal data about you and obtain information about the personal data we process
• Request the correction of inaccurate personal data
• Request the deletion of personal data we process
• Request the restriction of the processing of personal data
• Request the transfer of personal data that you have actively provided to us
• Object to the processing of personal data for reasons arising from your particular situation
• Withdraw any consent you have given

We take appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, misuse or alteration, as well as unauthorized disclosure or access.

Our data protection organization supports all inquiries related to data protection. Complaints can also be submitted to our data protection organization, and the rights mentioned in this privacy policy can be exercised.

You can contact our data protection organization at: datenschutz(at)remech.de

Our data protection organization always strives to address and resolve your inquiries and complaints. In addition to contacting the data protection organization, you also have the option to contact the competent data protection supervisory authority at any time.

This section applies if your personal data is processed by one of our companies located in the European Economic Area.

Controller for Data Processing – Online Offerings

The controller within the meaning of the GDPR for the processing activities described in this privacy policy is the company named in the imprint of the respective online offering.

Marketplaces

The company listed as the operator of the marketplace is the controller for data processing.

Personal Data of Business Partners in Our Customer Relationship Systems

We may share contact information of business partners within the scope of your business relationship with us with other group companies. We and these group companies are jointly responsible for protecting your personal data (Art. 26 GDPR). To ensure that you can exercise your data protection rights easily and reliably within this joint responsibility, we have agreed with these group companies that you may assert your rights described in Section 6 not only with the respective group company, but also centrally with Siemens AG.

Please contact us at: datenschutz(at)siemens.com

Legal Basis for Processing

The General Data Protection Regulation (GDPR) requires REMECH/Siemens to inform you about the legal basis for data processing. Unless otherwise explicitly stated at the time of data collection, the legal basis for processing your personal data is:

• The performance and fulfillment of a contract with you (Article 6(1)(b) GDPR) – “Contract Performance”
• Compliance with legal obligations to which we are subject (Article 6(1)(c) GDPR) – “Legal Obligation”
• Protection of our legitimate interests (Article 6(1)(f) GDPR) – “Legitimate Interest in Processing”
•  

Our legitimate interest lies in processing your personal data for the purpose of (i) offering and operating the online offerings and (ii) initiating, executing, and managing our business relationship.

Where our legitimate interest in processing is stated as the legal basis in the table below, we believe your interests, fundamental rights, and freedoms are sufficiently considered because:

• We regularly review the processing activities and underlying processes described in this privacy policy
• We incorporate the protection of your personal data into our processes, including the Siemens Binding Corporate Rules
• We ensure transparency in our processing activities
• You have the aforementioned rights regarding our processing activities

If you would like more information about the balancing of interests described, please contact our data protection organization at: datenschutz(at)remech.de

If you have explicitly given your consent to the processing of your personal data in a specific case, this consent is the legal basis for processing (Article 6(1)(a) GDPR) – “Consent”

International Data Transfers

• If we transfer your personal data to a recipient located outside the European Economic Area, we ensure that your data is adequately protected in accordance with the General Data Protection Regulation (GDPR). In this context, we take the following measures, where legally required:
• We only transfer your personal data to group companies in such countries if they have implemented the Binding Corporate Rules (BCR) for the protection of personal data.
  More information about Siemens' BCR can be found here.
• We only transfer personal data to external recipients in such countries if they have either (i) entered into EU Standard Contractual Clauses with us or (ii) implemented Binding Corporate Rules.
  For more information and a copy of the implemented measures, please contact: datenschutz(at)siemens.com

Competent Data Protection Authority

Our data protection organization supports all inquiries related to data protection. In addition to contacting the data protection organization, you may also contact the competent data protection supervisory authority of the state of Thuringia at any time:

https://www.tlfdi.de/kontakt/

Every affected data subject has the right to enforce their rights in court or to file a complaint with the competent data protection authority.

The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC):
http://www.edoeb.admin.ch

The following informations applies for US-citizens:

Do Not Track
Our online offerings do not recognize “Do Not Track” settings in your web browser. For more information about “Do Not Track” functionality, please refer to your browser’s help pages.

Use by Children
Our online offerings are not directed at children under the age of 13. Where legally required, we do not knowingly collect personal data from children under 13 without parental consent. We only collect and transfer personal data from children where legally permitted, to obtain parental consent or to protect the child.

Your Rights in Certain U.S. States
Under the laws of certain U.S. states, residents of those states may have additional rights regarding their personal data. For more information, please visit:

www.siemens.com/us/en/general/legal/us-internet-privacy-notice-state-rights.html

Further information for Siemens employees can be found in the data protection section of the intranet.