Privacy Notice
Last Update: January 2023
We (meaning the specific company that has provided or referred you to this privacy notice or that is identified on this page as being the operator of this website) believe that protecting the security and privacy of your personal data is important. This Privacy Notice explains how we collect, store, use, disclose and transfer (hereinafter “process”) your personal data. The personal data that we collect about you depends on the context of your interactions with us, the products, services and features that you use, your location, and applicable law.
1. Processing of personal data related to your use of our websites, applications and online services
Categories of personal data processed, and purpose of the processing
When visiting our external and internal websites or using our applications, or online services (each an “Online Offering”), we may process the following categories of personal data:
- Your contact information, such as full name, work address, work telephone number, work mobile phone number and work email address;
- Organizational information, including job position and company name;
- Information submitted as part of a support request, survey or comment or forum post;
- Further personal data that you provide by filling in forms in our Online Offerings; and
- Information on your interaction with the Online Offering, including your device and user identifier, information on your operating system, sites and services accessed during your visit, the date and time of each visitor request.
We process your personal data for the following purposes:
- To provide the Online Offering’s services and functions which includes creating and administering your online account, updating, securing, and troubleshooting, providing support, as well as improving and developing our Online Offerings;
- To bill your use of the Online Offering;
- To verify your identity;
- To answer and fulfill your requests or instructions;
- To process your order or to provide you with access to specific information or offers;
- To contact you with information and offers concerning our products and services, to send you further marketing information or to contact you in the context of customer satisfaction surveys as explained in Section 4; and
- As reasonably necessary to enforce the Online Offering’s terms, to establish or preserve a legal claim or defense, to prevent fraud or other illegal activities, including attacks on our information technology systems.
Online Offerings provided by your organization
Our Online Offerings may be provided to you for your use by the organization to which you belong, such as our enterprise customers. If your organization provides you with access to an Online Offering, our processing of personal data provided by or collected from you or your organization in connection with the Online Offering’s content is performed under the direction of your organization and is subject to a data processing agreement between your organization and us. In such instance, your organization is responsible for any personal data contained in such content and you should direct any questions about how personal data contained in such content is used to your organization.
2. Processing of personal data related to your use of our marketplaces
Categories of personal data processed, and purpose of the processing
When visiting our online stores and marketplaces (each a “Marketplace”), we may process the following categories of personal data:
- Your contact information, such as full name, work address, work telephone number, work mobile phone number and work email address;
- Organizational information, including job position and company name;
- Payment data, such as data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information;
- Information submitted as part of a support request, survey or comment or forum post;
- Further personal data that you provide by filling in forms in our Marketplace;
- Information that are legally required compliance screenings or export control checks; such as date of birth, nationality, place of residence, ID numbers, identity cards and information about relevant and significant litigation or other legal proceedings; and
- Information on your interaction with the Marketplace, including your device and user identifier, information on your operating system, sites and services accessed during your visit, the date and time of each visitor request.
We process your personal data for the following purposes:
- Communicating with you about our products, services and projects, e.g. by responding to inquiries or requests or providing you with information about purchased products;
- Planning, performing and managing the (contractual) relationship with customers, e.g. by performing transactions and orders of products or services, processing payments, performing accounting, auditing, billing and collection activities, arranging shipments and deliveries, facilitating repairs and providing support services;
- Contacting you with information and offers concerning our products and services, sending you further marketing messages and conducting customer satisfaction surveys as explained in Section 4;
- Maintaining and protecting the security of our products, services and websites, preventing and detecting security threats, fraud or other criminal or malicious activities;
- Ensuring compliance with legal obligations (such as record keeping obligations), export control and customs, customer compliance screening obligations (to prevent white-collar or money laundering crimes), and our policies or industry standards; and
- Solving disputes, enforce our contractual agreements and to establish, exercise or defend legal claims.
3. Processing of personal data related to your business relationship with us
Categories of personal data processed, and purpose of the processing
In the context of the business relationship with us, we may process the following categories of personal data of consumers and contact persons at (prospective) customers, suppliers, vendors and partners (each a “Business Partner”):
- Contact information, such as full name, work address, work telephone number, work mobile phone number and work email address;
- Organizational information, including job position and company name;
- Payment data, such as data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information;
- Further information necessarily processed in a project or contractual relationship with us or voluntarily provided by the Business Partner, such as personal data relating to orders placed, payments made, requests, and project milestones;
- Personal data collected from publicly available resources (including business and employment oriented social networks and websites), integrity data bases and credit agencies; and
- Information that are legally required for Business Partner compliance screenings or export control checks, such as date of birth, nationality, place of residence, ID numbers, identity cards and information about relevant and significant litigation or other legal proceedings against Business Partners.
We may process the personal data for the following purposes:
- Communicating with Business Partners about our products, services and projects, e.g. by responding to inquiries or requests or providing you with information about purchased products;
- Planning, performing and managing the (contractual) relationship with Business Partners; e.g. by performing transactions and orders of products or services, processing payments, performing accounting, auditing, billing and collection activities, arranging shipments and deliveries, facilitating repairs and providing support services;
- To create a personal profile containing business-related information on interactions between you and us with the aim of being able to offer you and the company you work for relevant information and suitable offers for our services and products and to improve our personal communication with you;
- Administrating and performing market analysis, sweepstakes, contests, or other customer activities or events;
- Contacting you with information and offers concerning our products and services, sending you further marketing messages and conducting customer satisfaction surveys as explained in Section 4;
- Maintaining and protecting the security of our products, services and websites, preventing and detecting security threats, fraud or other criminal or malicious activities;
- Ensuring compliance with legal obligations (such as record keeping obligations), export control and customs, Business Partner compliance screening obligations (to prevent white-collar or money laundering crimes), and our policies or industry standards; and
- Solving disputes, enforce our contractual agreements and to establish, exercise or defend legal claims.
4. Processing of personal data for customer satisfaction surveys and for direct marketing
Where and as permitted under applicable law, we may process your contact information for direct marketing purposes (e.g. trade show invitations, newsletters with further information and offers concerning our products and services) and to carry out customer satisfactions surveys, in each case also by e-mail. You may object to the processing of your contact data for these purposes at any time by writing to [email protected] or by using the opt-out mechanism provided in the respective communication you received.
If you subscribe to the Mendix newsletter and/or updates, we will use your email address to send the newsletter and/or updates to you. You may unsubscribe at any time by using the link in each newsletter or to unsubscribe or update communication or visit our web site the unsubscribe page.
5. Processing of personal data related to your job application
When you apply for a job, we process your personal data as set out in the privacy notice of the Mendix Careers website or of the respective other recruiting platform you may use.
6. Transfer and disclosure of personal data
We only transfer your personal data as described below:
- Affiliated Companies and sales partners
For the purpose of and to the extent necessary to conduct our business relationship with you, we may share your personal data with affiliates and other third parties (e.g., sales partners and agents). We, for example, sell certain products and services only via local business relationships and in this case, we may transfer your personal data to our respective local affiliates or other sales partners conducting the business relationship with you.
- Transactions on our Marketplaces
Via our Marketplaces we make available products, services and offerings of affiliates and other third parties. We share customers’ personal data related to those transactions with that affiliate and/or third party.
- Service Providers
We employ affiliates and other companies to perform functions on our behalf, such as IT-services or payment processing services. These affiliates and other companies process personal data only for the purpose of such services.
- Other third parties
We may transfer personal data to other third parties in connection with complying with legal obligations or establishing, exercising or defending rights or claims (e.g., for court and arbitration proceedings, to regulators, law enforcement and government authorities, to attorneys and consultants).
The recipients of your personal data may be located outside of the country in which you reside.
Personal data published by you on Online Offerings (such as chat rooms or forums) may be globally accessible to other registered users of the respective Online Offering.
7. Retention periods
Unless indicated otherwise at the time of the collection of your personal data (e.g. within a form completed by you), we erase your personal data if the retention of that personal data is no longer necessary for the purposes for which they were collected or otherwise processed, or to comply with legal obligations (such as retention obligations under tax or commercial laws).
8. Your rights
The data protection laws in the jurisdiction in which you reside may entitle you to specific rights in relation to your personal data.
In particular, and subject to the legal requirements, you may be entitled to
- Obtain from us confirmation as to whether or not personal data concerning you are being processed, and where that is the case, access to the personal data;
- Obtain from us the correction of inaccurate personal data concerning you;
- Obtain from us the erasure of your personal data;
- Obtain from us restriction of processing regarding your personal data;
- Data portability concerning personal data, which you actively provided;
- Object, on grounds relating to your particular situation, to further processing of personal data concerning you; and
- Withdraw your consent to our processing of your personal data.
9. Security
To protect your personal data against accidental or unlawful destruction, loss, use, or alteration and against unauthorized disclosure or access, we use adequate physical, technical and organizational security measures.
10. Data privacy contact
Our Data Privacy Organization provides support with any data privacy related questions, comments, concerns or complaints or in case you wish to exercise any of your data privacy related rights. The Data Privacy Organization may be contacted at: [email protected].
The Data Privacy Organization will always use reasonable efforts to address and settle any requests or complaints you bring to its attention. Besides contacting the Data Privacy Organization, you always have the right to approach the competent data protection authority with your request or complaint.
11. Processing under the EU’s General Data Protection Regulation
This section applies and provides you with further information if your personal data is processed by one of our companies located in the European Economic Area.
Data Controller
Online Offerings
The specific company identified in the Online Offering as being the operator of the Online Offering is the data controller in the meaning of the General Data Protection Regulation for the processing activities described in this Privacy Notice.
Marketplaces
The specific company identified on the Market Place as being the operator of the Marketplace is the data controller.
Business Partner personal data in Customer Relationship Systems
In the course of our business relationship with you, we may share Business Partner contact information with affiliated companies. We and these affiliated companies are jointly responsible for the proper protection of your personal data (Art. 26 General Data Protection Regulation).
To allow you to effectively exercise your data subject rights in the context of this joint controllership, we entered into an agreement with these Siemens companies granting you the right to centrally exercise your data subject rights under section 8 of this Privacy Notice against Siemens AG.
To exercise your rights, you may reach out to: [email protected].
Legal basis of the processing
The General Data Protection Regulation requires us to provide you with information on the legal basis of the processing of your personal data.
The legal basis for our processing data about you is that such processing is necessary for the purposes of
- exercising our rights and performing our obligations under any contract we make with you (Article 6 (1) (b) General Data Protection Regulation) (“Contract Performance”);
- Compliance with our legal obligations (Article 6 (1) (c) General Data Protection Regulation) (“Compliance with Legal Obligations”); and/or
- Legitimate interests pursued by us (Article 6 (1) (f) General Data Protection Regulation) (“Legitimate Interest”). Generally, the legitimate interest pursued by us in relation to our use of your personal data is the efficient performance or management of (i) your use of the Online Offerings, and/or (ii) our business relationship with you. Where the below table states that we rely on our legitimate interests for a given purpose, we are of the opinion that our legitimate interest is not overridden by your interests and rights or freedoms, given (i) the regular reviews and related documentation of the processing activities described herein, (ii) the protection of your personal data by our data privacy processes, including our Binding Corporate Rules on the Protection of Personal Data, (iii) the transparency we provide on the processing activity, and (iv) the rights you have in relation to the processing activity. If you wish to obtain further information on this balancing test approach, please contact our Data Privacy Organization at: [email protected].
In some cases, we may ask if you consent to the relevant use of your personal data. In such cases, the legal basis for us processing that data about you may (in addition or instead) be that you have consented (Article 6 (1) (a) General Data Protection Regulation) (“Consent”).
Purpose | Legal Basis | ||
Processing of personal data in the context of Online Offerings | |||
To provide the Online Offering’s services and functions which includes creating and administering your online account, updating, securing, and troubleshooting, providing support, as well as improving and developing our Online Offerings, | Contract Performance (Article 6 (1) (b) General Data Protection Regulation) Legitimate Interest (Article 6 (1) (f) GDPR) | ||
To bill your use of the Online Offering | Contract Performance (Article 6 (1) (b) General Data Protection Regulation) Legitimate Interest (Article 6 (1) (f) GDPR | ||
To verify your identity | Contract Performance (Article 6 (1) (b) GDPR) Legitimate Interest (Article 6 (1) (f) GDPR) | ||
To answer and fulfill your requests or instructions | Contract Performance (Article 6 (1) (b) GDPR) Legitimate Interest (Article 6 (1) (f) GDPR) | ||
To process your order or to provide you with access to specific information or offers | Contract Performance (Article 6 (1) (b) GDPR) Legitimate Interest (Article 6 (1) (f) GDPR) | ||
To send you marketing information or to contact you in the context of customer satisfaction surveys as further explained in Section 4 | Consent, if voluntarily provided (Article 6 (1) (a) GDPR) Legitimate Interest (Article 6 (1) (f) GDPR) | ||
As reasonably necessary to enforce the Online Offering’s terms, to establish or preserve a legal claim or defense, to prevent fraud or other illegal activities, including attacks on our information technology systems | Compliance with Legal Obligations (Article 6 (1) (c) GDPR Legitimate Interest (Article 6 (1) (f) GDPR) | ||
Processing of personal data related to your use of marketplaces and/or business relationship with us | |||
Communicating about our products, services and projects, e.g. by responding to inquiries or requests or providing you with technical information about purchased products | Contract Performance (Article 6 (1) (b) GDPR) Legitimate Interest (Article 6 (1) (f) GDPR) | ||
Planning, performing and managing the (contractual) relationship; e.g. by performing transactions and orders of products or services, processing payments, performing accounting, auditing, billing and collection activities, arranging shipments and deliveries, facilitating repairs and providing support services; | Contract Performance (Article 6 (1) (b) GDPR) Compliance with Legal Obligations (Article 6 (1) (c) GDPR) | ||
To create a personal profile containing business-related information on interactions between you and us with the aim of being able to offer you and the company you work for relevant information and suitable offers for our services and products and to improve our personal communication with you | Legitimate Interest (Article 6 (1) (f) GDPR) | ||
Administrating and performing market analysis, sweepstakes, contests, or other customer activities or events; | Consent, if voluntarily provided (Article 6 (1) (a) GDPR) Legitimate Interest (Article 6 (1) (f) GDPR) | ||
Conducting customer satisfaction surveys and direct marketing activities as further explained in Section 4; | Consent, if voluntarily provided (Article 6 (1) (a) GDPR) Legitimate Interest (Article 6 (1) (f) GDPR) | ||
Maintaining and protecting the security of our products, services and websites, preventing and detecting security threats, fraud or other criminal or malicious activities; | Legitimate Interest (Article 6 (1) (f) GDPR) | ||
Ensuring compliance with legal obligations (such as record keeping obligations), export control and customs, business partner compliance screening obligations (to prevent white-collar or money laundering crimes), and our policies or industry standards; and | Compliance with Legal Obligations (Article 6 (1) (c) GDPR) Legitimate Interest (Article 6 (1) (f) GDPR) | ||
Solving disputes, enforce our contractual agreements and to establish, exercise or defend legal claims. | Compliance with Legal Obligations (Article 6 (1) (c) GDPR) Legitimate Interest (Article 6 (1) (f) GDPR) | ||
Processing of personal data for customer satisfaction surveys and for direct marketing | |||
Processing of your contact information for direct marketing purposes (e.g. trade show invitations, newsletters with further information and offers concerning our products and services) and to carry out customer satisfactions surveys | Consent, if voluntarily provided (Article 6 (1) (a) GDPR) Legitimate Interest (Article 6 (1) (f) GDPR) |
International data transfers
In the event that we transfer your personal data outside the European Economic Area, we ensure that your data is protected in a manner which is consistent with the General Data Protection Regulation. Therefore, and if required by applicable law, we take the following measures:
- We share your personal data with affiliated companies outside the European Economic Area only if they have implemented our Binding Corporate Rules („BCR“) for the protection of personal data. Further information about the BCR can be found here.
- We transfer personal data to external recipients outside the European Economic Area only if the recipient has (i) entered into EU Standard Contractual Clauses with us, or (ii) implemented Binding Corporate Rules in its organization. You may request further information about the safeguards implemented in relation to specific transfers by contacting [email protected].
Your competent data protection authority
In case of data privacy related concerns and requests, we encourage you to contact our Data Privacy Organization at [email protected]. Besides contacting the Data Privacy Organization, you always have the right to approach the competent data protection authority with your request or complaint.
A list and contact details of local data protection authorities is available here.
12. Processing under the Brazilian General Data Protection Law
This section applies and provides you with further information if the processing by one of our companies (i) occurs in Brazilian territory, (ii) concerns the data of individuals located in Brazilian territory, (iii) comprises personal data collected in Brazilian territory or (iv) has as its objective the offer or supply of goods or services to individuals located in Brazilian territory. In these cases the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados – LGPD) applies to the processing of your personal data and the following additions and/or deviations apply to sections 2, 5, 6, 9, of this Data Privacy Notice:
Retention Periods
As allowed under article 16 of LGPD we may retain your personal data to comply with legal or regulatory obligations (such as retention obligations under tax or commercial laws), during the legal statute of limitation period, or for the regular exercise of rights in judicial, administrative or arbitration proceedings.
Your rights
Additionally to the rights mentioned in this Data Privacy Notice, you are entitled under LGPD to:
- In case you understand your data is not being processed in accordance with the applicable data protection law or in an excessive way, request us to anonymize, block or delete unnecessary or excessive personal data or;
- Request information regarding the public and/or private entities we shared your personal data with;
- Be informed about the possibility of not giving your consent to process your data and the consequences of not giving the consent in case we request your consent to process your data;
- Revoke at any time your consent to our processing of your personal data in case we request your consent to process your data
Legal basis of the processing
The Brazilian General Data Protection Law requires us to provide you with information on the legal basis of the processing of your personal data.
The legal basis for our processing is:
-
- Article 7 V LGPD (“Contract Performance”);
- Article 7 II LGPD (“Compliance with Legal Obligations”);
- Article 10 I and II LGPD (“Legitimate Interest”).
- Article 7 I LGPD (“Consent”).
International transfers
Following the LGPD requirements defined in the Article 33 of Brazilian General Data Protection Law, in the event that we transfer your personal data outside the Brazilian territory, we ensure that your data is protected in a manner which is consistent with the Brazilian General Data Protection Law, we will follow the applicable law and decisions imposed by the proper authority.
Your competent data protection contact
If this section applies, you may also contact our Brazilian Data Privacy Organization at [email protected]
13. Processing under Canadian privacy laws
Each Siemens company established in Canada (“Siemens in Canada Entity”) maintains your personal data on secure servers that are accessible to authorized employees, representatives or agents who require access for the purposes descried in this privacy notice. If you have any questions about how a Siemens in Canada Entity processes your personal data, including with respect to its use of service providers outside of Canada, or if you would like to exercise any of your rights in respect of your personal data under the control of a Siemens in Canada Entity, you may contact the Siemens in Canada Privacy Officer at [email protected].
14. Processing under People’s Republic of China Personal Information Protection Law
This section applies and provides you with further information if the processing by one of our companies is located within the borders of People’s Republic of China (“PRC”) or concerns the data of individuals within the borders of PRC.
Processing of sensitive personal information
According to the PIPL, sensitive personal information means personal information that, once leaked or illegally used, may easily cause harm to the dignity of natural persons grave harm to personal or property security, including information on biometric characteristics, religious beliefs, specially-designated status, medical health, financial accounts, individual location tracking, etc. as well as the personal information of minors under the age of 14.
In addition to the payment data mentioned in section 2 of this Data Private Notice, we will, in principle, not process your sensitive personal information. In case your sensitive personal information will be processed, we will notify you about the necessity of processing and effects on the individual’s rights and interests, and obtain your specific consent if applicable.
Transfer and disclosure of personal data
Following the requirements defined in the Article 23 of PIPL, additionally to the contents mentioned in section 4, we, in principle, will not transfer or share your personal information to third party controllers, unless (1) obtain your specific consent if applicable, or (2) to fulfill the statutory duties under local laws and regulations.
International Transfer
You acknowledge that your data will be transferred and proceed outside of PRC. We will follow the applicable laws and decisions imposed by the competent authority, and ensure that your data is protected in a manner which is consistent with the PRC Personal Information Protection Law. If you or the company you work for is a Business Partner, please be aware that Siemens is a multi-national company, and for the purpose of concluding or fulfilling the contract/agreement with you or the company you work for, you understand and agree that we may transfer your personal information to foreign affiliated companies.
Legal Basis of the processing
The PIPL requires us to provide you with information on the legal basis of the processing of your personal data.
The legal basis for our processing is:
- PIPL Article 13(2) (“Contract Performance”);
- PIPL Article 13(3) (“Statutory duties and responsibilities”)
- PIPL Article 13(6) (“Process publicly available data”);
- PIPL Article 13(1) (“Consent”)
Usage by Children
This Online Offering is not directed to children under the age of fourteen (14). We will not knowingly collect personal data from children under the age of fourteen (14) without prior parental consent if required by applicable law. We will only use or disclose personal data about a child to the extent permitted by law, to seek parental consent, pursuant to local law and regulations or to protect a child.
15. Processing under South Africa’s Protection of Personal Information Act
For Business Partners and users located in South Africa, please take note of the following:
In terms of section 1 of the Protection of Personal Information Act, 2013 (“POPI”), “personal data” or “personal information” includes “information relating to an identifiable, living, natural person, and where it is applicable, an identifiable, existing, juristic person.”
The corresponding legal grounds and conditions for lawful processing of personal data in South Africa are contained in Sections 8 to 25 of POPI, and relate to “Accountability”; “Processing limitation”; “Purpose specification”; “Further processing limitation”; “Information quality”; “Openness”; “Security safeguards” and “Data subject participation”.
In terms of section 69 of POPI, the processing of personal information of a data subject for the purposes of direct marketing by means of any form of electronic communication, including automatic calling machines, facsimile machines, sms’s or e-mail is prohibited unless the data subject has provided consent to the processing, or is, subject to further conditions, an existing customer of the responsible party.
For purposes of a Data Subject exercising its rights further enquiries and the exercise of its rights in relation to access, objection to, and complaints in respect of the processing of personal data, the contact particulars of the Information Regulator of South Africa, are as follows:
JD House, 27 Stiemens Street
Braamfontein
Johannesburg
2001
PO Box 31533
Braamfontein
Johannesburg
2017
Complaints: [email protected]
General enquiries: [email protected]
16. Processing under the United Kingdom’s Data Protection Act 2018 and the UK GDPR
This section applies and provides you with further information if your personal data is processed by one of our companies located in the United Kingdom under the Data Protection Act 2018 and/or the UK GDPR (meaning Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018).
Data Controller
The specific company identified on this page as being the operator of this website is the data controller in the meaning of the UK GDPR for the processing activities described in this Privacy Notice.
In the course of our business relationship with you, we may share Business Partner contact information with affiliated Siemens companies. We and these Siemens companies are jointly responsible for the proper protection of your personal data (Art. 26 UK GDPR). To allow you to effectively exercise your data subject rights in the context of this joint controllership, we entered into an agreement with these Siemens companies granting you the right to centrally exercise your data subject rights under section 7 of this Privacy Notice against Siemens Aktiengesellschaft, Germany.
To exercise your rights, you may reach out to: [email protected].
Legal basis of the processing
The UK GDPR requires us to provide you with information on the legal basis of the processing of your personal data.
The legal basis for our processing data about you is that such processing is necessary for the purposes of
- exercising our rights and performing our obligations under any contract we make with you (Article 6 (1) (b) UK GDPR) (“Contract Performance”);
- Compliance with our legal obligations (Article 6 (1) (c) UK GDPR) (“Compliance with Legal Obligations”); and/or
- Legitimate interests pursued by us (Article 6 (1) (f) UK GDPR) (“Legitimate Interest”). Generally, the legitimate interest pursued by us in relation to our use of your personal data is the efficient performance or management of (i) your use of the Online Offerings, and/or (ii) our business relationship with you. Where the below table states that we rely on our legitimate interests for a given purpose, we are of the opinion that our legitimate interest is not overridden by your interests and rights or freedoms, given (i) the regular reviews and related documentation of the processing activities described herein, (ii) the protection of your personal data by our data privacy processes, (iii) the transparency we provide on the processing activity, and (iv) the rights you have in relation to the processing activity. If you wish to obtain further information on this balancing test approach, please contact our Data Privacy Organization at: [email protected]
In some cases, we may ask if you consent to the relevant use of your personal data. In such cases, the legal basis for us processing that data about you may (in addition or instead) be that you have consented (Article 6 (1) (a) UK GDPR) (“Consent”).
Purpose | Legal Basis | ||
Processing of personal data in the context of Online Offerings | |||
To provide the Online Offering’s services and functions which includes creating and administering your online account, updating, securing, and troubleshooting, providing support, as well as improving and developing our Online Offerings, | Contract Performance (Article 6 (1) (b) UK GDPR) Legitimate Interest (Article 6 (1) (f) UK GDPR) | ||
To bill your use of the Online Offering | Contract Performance (Article 6 (1) (b) UK GDPR) Legitimate Interest (Article 6 (1) (f) UK GDPR | ||
To verify your identity | Contract Performance (Article 6 (1) (b) UK GDPR) Legitimate Interest (Article 6 (1) (f) UK GDPR) | ||
To answer and fulfill your requests or instructions | Contract Performance (Article 6 (1) (b) UK GDPR) Legitimate Interest (Article 6 (1) (f) UK GDPR) | ||
To process your order or to provide you with access to specific information or offers | Contract Performance (Article 6 (1) (b) UK GDPR) Legitimate Interest (Article 6 (1) (f) UK GDPR) | ||
To send you marketing information or to contact you in the context of customer satisfaction surveys as further explained in Section 4 | Consent, if voluntarily provided (Article 6 (1) (a) UK GDPR) Legitimate Interest (Article 6 (1) (f) UK GDPR) | ||
As reasonably necessary to enforce the Online Offering’s terms, to establish or preserve a legal claim or defense, to prevent fraud or other illegal activities, including attacks on our information technology systems | Compliance with Legal Obligations (Article 6 (1) (c) UK GDPR Legitimate Interest (Article 6 (1) (f) UK GDPR) | ||
Processing of personal data related to your use of marketplaces and/or business relationship with us | |||
Communicating about our products, services and projects, e.g. by responding to inquiries or requests or providing you with technical information about purchased products | Contract Performance (Article 6 (1) (b) UK GDPR) Legitimate Interest (Article 6 (1) (f) UK GDPR) | ||
Planning, performing and managing the (contractual) relationship; e.g. by performing transactions and orders of products or services, processing payments, performing accounting, auditing, billing and collection activities, arranging shipments and deliveries, facilitating repairs and providing support services; | Contract Performance (Article 6 (1) (b) UK GDPR) Compliance with Legal Obligations (Article 6 (1) (c) UK GDPR) | ||
To create a personal profile containing business-related information on interactions between you and us with the aim of being able to offer you and the company you work for relevant information and suitable offers for our services and products and to improve our personal communication with you | Legitimate Interest (Article 6 (1) (f) UK GDPR) | ||
Administrating and performing market analysis, sweepstakes, contests, or other customer activities or events; | Consent, if voluntarily provided (Article 6 (1) (a) UK GDPR) Legitimate Interest (Article 6 (1) (f) UK GDPR) | ||
Conducting customer satisfaction surveys and direct marketing activities as further explained in Section 4; | Consentt, if voluntarily provided (Article 6 (1) (a) UK GDPR) Legitimate Interest (Article 6 (1) (f) GDPR) | ||
Maintaining and protecting the security of our products, services and websites, preventing and detecting security threats, fraud or other criminal or malicious activities; | Legitimate Interest (Article 6 (1) (f) UK GDPR) | ||
Ensuring compliance with legal obligations (such as record keeping obligations), export control and customs, business partner compliance screening obligations (to prevent white-collar or money laundering crimes), and our policies or industry standards; and | Compliance with Legal Obligations (Article 6 (1) (c) UK GDPR) Legitimate Interest (Article 6 (1) (f) UK GDPR) | ||
Solving disputes, enforce our contractual agreements and to establish, exercise or defend legal claims. | UK Compliance with Legal Obligations (Article 6 (1) (c) UK GDPR) Legitimate Interest (Article 6 (1) (f) GDPR) | ||
Processing of personal data for customer satisfaction surveys and for direct marketing | |||
Processing of your contact information for direct marketing purposes (e.g. trade show invitations, newsletters with further information and offers concerning our products and services) and to carry out customer satisfactions surveys | Consent, if voluntarily provided (Article 6 (1) (a) UK GDPR) Legitimate Interest (Article 6 (1) (f) UK GDPR) |
International data transfers
In the event that we transfer your personal data outside the United Kingdom, we ensure that your data is protected in a manner which is consistent with the UK GDPR. Therefore, and if required by applicable law, we take the following measures:
We transfer personal data to recipients outside the United Kingdom only if the recipient has (i) entered into UK Standard Contractual Clauses with us, or (ii) implemented Binding Corporate Rules in its organization. You may request further information about the safeguards implemented in relation to specific transfers by contacting [email protected].
Your competent data protection authority
In case of data privacy related concerns and requests, we encourage you to contact our Data Privacy Organization at [email protected]. Besides contacting the Data Privacy Organization, you always have the right to approach the UK data protection authority, the Information Commissioner’s Office (www.ico.org.uk) with your request or complaint.
17. Further information for US residents
If you are a U.S. resident, then please take note of the following:
Do Not Track
At this time our Online Offerings do not recognize or respond to “Do Not Track” browser signals. For more information on “Do Not Track”, please visit your browser’s support page.
Usage by Children
This Online Offering is not directed to children under the age of thirteen. We will not knowingly collect personal data from children under the age of thirteen without insisting that they seek prior parental consent if required by applicable law. We will only use or disclose personal data about a child to the extent permitted by law, to seek parental consent, pursuant to local law and regulations or to protect a child.
State Rights
Depending on the US state in which you reside, you may have special rights with respect to your personal data. For information regarding any of those rights, please click here.
18. Further information for Siemens employees
Further Siemens-internal privacy notices are available in the footer information in the Siemens Intranet (Siemens Intranet access required).
最后更新:2023年9月
我们(即向您提供或推荐您参阅本隐私声明的特定公司,或在本页上标识为本网站的运营商的公司)认为保护您的个人数据的安全和隐私非常重要。本隐私声明说明了我们如何收集、存储、使用、披露和转让(以下简称“处理”)您的个人资料。我们收集的有关您的个人数据取决于您与我们互动的背景、您使用的产品、服务和功能、您所在的位置以及适用的法律。
1) 处理与您使用我们的网站、应用程序和在线服务有关的个人数据
在访问我们的外部和内部网站或使用我们的应用程序或在线服务(各称为“在线服务”)时,我们可能会处理以下类别的个人数据:
- 您的联系方式,如全名、工作地址、工作电话、工作手机、电话号码及工作邮箱等;
- 您的组织信息,包括职位和公司名称;
- 作为支持请求、调查、评论或论坛帖子的部分而提交的信息;
- 您通过填写我们在线产品中的表格所提供的个人数据;以及
- 您与在线产品互动的信息,包括您的设备和用户标识符、您的操作系统信息、访问期间访问的网站和服务、每个访问者请求的日期和时间。
我们处理您的个人资料的目的如下:
- 提供“在线产品”的服务和功能,包括创建和管理您的在线帐户、更新、保护和排除故障、提供支持以及改进和开发我们的“在线产品”;
- 向您收取使用在线产品的费用;
- 验证您的身份;
- 解答并完成您的要求或指示;
- 处理您的订单或向您提供访问特定信息或请求的权限;
- 向您提供有关我们产品和服务的信息和报价,并进一步发送给您营销信息或在客户满意度调查的背景下与您联系,如第4节所述; 以及
- 在合理必要的情况下,用于执行在线要约的条款,建立或维护法律索赔或辩护,防止欺诈或其他非法活动,包括对我们信息技术系统的攻击。
您的组织提供的在线产品
我们的在线产品可能由您所属的组织(例如我们的企业客户)提供给您供您使用。如果您的组织向您提供访问在线产品的权限,我们对您或您的组织提供的或从您或您的组织收集的与在线产品内容相关的个人数据的处理会是在您的组织的指导下进行的,并受您的组织与我们之间的数据处理协议的约束。在这种情况下,您的机构须对该等内容所载的任何个人资料负责,请向您的机构询问有关该等内容所载的个人资料如何被使用的问题。
2) 处理与您使用我们的平台相关的个人数据
处理的个人资料类别及处理的目的
在访问我们的在线商店和平台(各为“平台”)时,我们可能会处理以下类别的个人数据:
- 您的联系方式,如姓名、工作地址、工作电话、工作手机号码及工作邮箱等;
- 组织信息,包括职位、公司名称;
- 支付数据,如处理支付和防止欺诈所需的数据,包括信用卡/借记卡号码、安全码号码及其他相关账单信息;
- 作为支持请求、调查、评论或论坛帖子的一部分提交的信息;
- 您通过在我们的市场中填写表格提供的其它个人数据;
- 依据相关法律法规要求而进行的合规审查或出口控制检查所需要的信息,例如出生日期、国籍、居住地、身份证号、身份证以及有关重大诉讼或者其他法律程序的情况;以及
- 您与平台互动的信息,包括您的设备和用户标识符、您的操作系统信息、您访问期间访问的网站和服务、每个访问者请求的日期和时间。
我们处理您的个人资料的目的如下:
- 与您就我们的产品、服务和项目进行沟通,例如回复您的询问或回复您的请求或向您提供所购买产品的信息;
- 规划、执行和管理与客户的(合同)关系,例如,通过执行交易和产品或服务订单、处理付款、执行会计、审计、计费和收款活动、安排发货和交付、促进维修和提供支持服务;
- 向您提供有关我们产品和服务的信息和优惠,向您发送进一步的营销信息,并进行第4条所述的客户满意度调查;
- 维护和保护我们的产品、服务和网站的安全,预防和检测安全威胁、欺诈或其他犯罪或恶意活动;
- 确保遵守法律义务(如记录保存义务)、出口管制和海关、客户合规审查义务(防止白领或洗钱犯罪)以及我们的政策或行业标准; 以及
- 解决争议,执行我们的合同协议,建立、行使或辩护法律索赔。
3) 处理与您与我们的业务活动有关的个人数据
处理的个人资料类别及处理的目的
在与我们的业务活动中,我们可能会处理以下类别的用户和(潜在)客户、供应商、销售商和合作伙伴(各为“业务合作伙伴”)的联系人的个人数据:
- 联系方式,如全名、工作地址、工作电话、工作手机、工作邮箱等;
- 组织信息,包括职位和公司名称;
- 支付数据,如处理支付和防止欺诈所需的数据,包括信用卡/借记卡号、安全码和其他相关计费信息;
- 在与我们的项目或合同关系中必须处理或由业务合作伙伴自愿提供的进一步信息,例如与下订单、付款、请求和项目进展状态相关的个人数据;
- 从公开渠道(包括以商业和就业为导向的社交网络和网站)、诚信数据库和信用机构收集的个人数据; 以及
- 依据相关法律法规要求对业务合作伙伴进行的合规审查或出口控制检查所需要的信息,如出生日期、国籍、居住地、身份证号、身份证以及针对业务合作伙伴的相关和重大诉讼或其他法律诉讼的信息。
我们可能会出于以下目的处理个人资料:
- 与业务合作伙伴就我们的产品、服务和项目进行沟通,例如,通过回复查询或请求或向您提供有关购买产品的信息;
- 规划、执行和管理与业务合作伙伴的(合同)关系; 例如,通过履行产品或服务的交易和订单、处理付款、执行会计、审计、计费和收款活动、安排装运和交付、协助维修和提供支持服务;
- 创建包含您与我们之间互动的业务相关信息的个人档案,目的是能够为您和您所在的公司提供我们服务和产品的相关信息和合适报价,并改善我们与您的个人沟通;
- 管理和执行市场分析、抽奖、竞赛或其他客户活动事件;
- 向您提供有关我们产品和服务的信息和优惠,向您发送进一步的营销信息,并进行第4条所述的客户满意度调查;
- 维护和保护我们的产品、服务和网站的安全,预防和检测安全威胁、欺诈或其他犯罪或恶意活动;
- 确保遵守法律义务(如记录保存义务)、出口控制和海关、业务合作伙伴合规审查义务(防止白领或洗钱犯罪)以及我们的政策或行业标准; 和
- 解决争议,执行我们的合同协议,建立、行使或辩护法律索赔。
4) 处理个人资料以用作客户满意度调查和直接营销之用
在适用法律允许的情况下,我们可能会将您的联系信息用于直接营销目的(例如,展会邀请、包含进一步信息的通讯以及有关我们产品和服务的优惠),并进行客户满意度调查,在以上所列的营销以及调查均是会通过电子邮件进行。您可以随时通过写信至[email protected]或使用您收到的相应通信中提供的退出机制来取消出于该目的对您的联系信息的处理。
如果您订阅了 Mendix 资讯和/或更新,我们将使用您的电子邮件地址向您发送咨询和/或更新。您可随时通过使用每期资讯中的链接选择更新订阅选项或取消订阅,您也可访问我们网站进入页面选择取消订阅。
5) 处理与你的工作申请有关的个人资料
当您申请职位时,我们将按照Mendix招聘门户网站或您可能使用的其他招聘平台的隐私声明中所述的方式处理您的个人数据。
6) 转移及披露个人资料
我们只会按以下方式转移您的个人资料:
- 关联公司和销售合作伙伴
出于与您开展业务关系的目的和必要程度,我们可能会与关联公司和其它第三方(例如销售合作伙伴和代理商)共享您的个人数据。例如,我们仅通过本地业务关系销售某些产品和服务,在这种情况下,我们可能会将您的个人数据传输给我们各自的本地关联公司或与您有业务关系的其他销售合作伙伴。
- 平台上的交易
通过我们的平台,我们提供附属公司和其它第三方的产品和服务。我们与该关联公司和/或第三方共享与这些交易相关的客户个人数据。
- 服务提供商
我们雇用附属公司和其他公司代表我们履行职能,例如it服务或支付处理服务。这些关联公司和其他公司仅为此类服务的目的处理个人数据。
- 其它第三方
我们可能会将个人数据传输给与遵守法律义务或确立、行使或捍卫权利或索赔有关的其它第三方(例如,为法院和仲裁程序,向监管机构、执法机构和政府机构,向律师和顾问)。
您的个人数据的接收方可能位于您居住的国家以外。您在在线产品(如聊天室或论坛)上发布的个人数据可能在全球范围内被相应在线产品的其他注册用户访问。
7) 保留期限
除非在收集您的个人数据时另有说明(例如,在您填写的表格中),如果您的个人数据不再需要用于收集或以其他方式处理的目的,或遵守法律义务(例如税法或商业法律规定的保留义务),我们将删除您的个人数据。
8) 您的权利
您所在司法管辖区的数据保护法律可能赋予您与您的个人数据相关的特定权利。
特别是,根据法律要求,您可能有权:
- 向我们确认是否正在处理与您有关的个人数据;以及在这种情况下,访问个人数据;
- 要求我们更正与您有关的不准确的个人资料;
- 获取我们对您个人数据的删除;
- 向我们索取有关处理您个人资料的限制;
- 关于您主动提供的个人数据的数据可移植性;
- 基于与您的特殊情况相关的理由,反对进一步处理与您有关的个人数据;和
- 撤销您对我们处理您个人数据的同意。
9) 安全
为了保护您的个人资料免遭意外或非法破坏、丢失、使用或更改,以及防止未经授权的披露或访问,我们采用了适当的物理、技术和组织安全措施。
10) 数据隐私联络
我们的数据隐私保护组织会就任何与数据隐私有关的问题、意见、疑虑或投诉,或在您希望行使任何与数据隐私有关的权利时,提供支援。可通过以下方式与数据隐私组织联系: [email protected].
数据隐私保护组织将始终尽合理努力处理和解决您提请其注意的任何请求或投诉。除了与数据隐私组织联系外,您始终有权向主管数据保护机构提出请求或投诉。
11) 根据中华人民共和国个人信息保护法的处理
本节适用于在中华人民共和国( “中国”)境内或涉及中国境内个人的个人数据处理活动。
敏感个人信息的处理
根据《中华人民共和国个人信息保护法》,敏感个人信息是指一旦泄露或非法使用,可能会严重损害自然人尊严、个人或财产安全的个人信息,包括生物特征信息、宗教信仰、特定身份、医疗健康、财务账户、个人位置追踪等以及14岁以下未成年人的个人信息。
除了本《隐私声明》第2节中提到的支付数据外,原则上我们不会处理您的敏感个人信息。如果您的敏感个人信息将被处理,我们将通知您处理的必要性以及对个人权益的影响,并在适用的情况下获得您的单独同意。
个人数据的转让和披露
根据《中华人民共和国个人信息保护法》第23条的要求,除了第4节中提到的内容外,原则上我们不会将您的个人信息转让或分享给第三方控制者,除非(1)获得您的明确同意(如果适用),或者(2)为履行当地法律法规规定的法定职责。
数据处理位置及国际转移
我们根据本《隐私声明》收集和处理的个人信息原则上将储存中国境内。请您悉知,西门子是一家跨国公司,出于订立或履行我们与您之间的合同所必需要,您确认并同意我们可能将您提供给我们的个人信提供给我们的境外关联公司。我们确保向中国大陆地区以外的组织存储和传输您的个人信息时符合中华人民共和国相关法律法规的规定,并按相关法律法规的要求保护这些个人信息,包括但不限于:通过协议或产品页面向您告知境外接收方的姓名或名称、联系方式、处理目的、处理方式、涉及的个人信息种类以及您向境外接收方行使合法权利的方式和程序,并在适用法律要求的情况下取得您的单独同意。我们会采取签订协议、安全审计等必要措施,要求境外机构为所获得的您的个人信息保密。
处理的法律依据
《中华人民共和国个人信息保护法》要求我们向您提供关于处理您个人数据的法律依据的信息。
我们处理的法律依据包括:
- 《中华人民共和国个人信息保护法》第13条第2款(履行合同);
- 《中华人民共和国个人信息保护法》第13条第3款(法定职责和责任);
- 《中华人民共和国个人信息保护法》第13条第6款(处理公开可得的数据);
- 《中华人民共和国个人信息保护法》第13条第1款(同意)。
儿童使用
本在线服务不针对14岁以下的儿童。在适用法律要求的情况下,我们不会有意从14岁以下的儿童收集个人数据,除非事先获得父母的同意。我们只会根据法律的允许范围内使用或披露与儿童有关的个人数据,以寻求父母的同意、根据当地法律法规或保护儿童的需要。
【以下内容为其它不同国家/地区对于个人数据保护的补充说明】
12) 根据欧盟《一般数据保护条例》进行处理
如果您的个人数据由我们位于欧洲经济区的公司处理,本节适用并向您提供进一步信息。
数据控制者
在线产品
在线要约中确定为在线要约运营商的特定公司是本隐私声明中描述的处理活动的一般数据保护条例意义上的数据控制者。
平台
在交易平台上被标识为市场运营商的特定公司是数据控制者。
客户关系系统中的业务伙伴个人数据
在我们与您的业务关系过程中,我们可能会与关联公司共享业务合作伙伴的联系信息。我们和这些关联公司共同负责妥善保护您的个人数据(《一般数据保护条例》第26条)。
为了使您能够在本共同控制权的范围内有效地行使您的数据主体权利,我们与这些西门子公司签订了一项协议,授予您根据本隐私声明第8条对西门子股份公司集中行使您的数据主体权利的权利。
要行使您的权利,您可以联系:[email protected]。
处理的法律依据
《一般数据保护条例》要求我们向您提供有关处理您个人数据的法律依据的信息。
我们处理您的数据的法律依据是,此类处理对于以下目的是必要的:
- 履行与您达成的任何合同的权利和义务(《一般数据保护条例》第6条第1款(b)项)(“合同履行”);
- 遵守我们的法律义务(《一般数据保护条例》第6条第1款(c)项)(“遵守法律义务”);
- 我们追求的合法利益(《一般数据保护条例》第6条第1款(f)项)(“合法利益”)。通常,我们追求的合法利益与我们对您个人数据的使用的高效执行或管理(i)您对在线服务的使用,和/或(ii)我们与您的业务关系有关。在下表中,如果我们依赖于我们的合法利益来实现特定目的,我们认为我们的合法利益不会被您的利益和权利或自由所凌驾,这是因为(i)我们对所述处理活动的定期审核和相关文档,(ii)我们数据隐私流程对您个人数据的保护,包括我们关于个人数据保护的约束性企业规则,(iii)我们提供的处理活动的透明度,以及(iv)您对处理活动的权利。如果您希望获取有关此平衡测试方法的进一步信息,请联系我们的数据隐私组织,电子邮件地址为:[email protected]。
在某些情况下,我们可能会询问您是否同意我们对您的个人数据进行相关使用。在这种情况下,我们处理您的数据的法律依据可能是您已经同意(《一般数据保护条例》第6条第1款(a)项)(“同意”)。
国际数据转移
如果我们将您的个人数据转移到欧洲经济区之外,我们会确保以符合《一般数据保护条例》的方式保护您的数据。因此,如果适用法律要求,我们采取以下措施:
- 我们仅在附属公司已经实施了我们的公司间约束性规则(BCR)来保护个人数据的情况下,才与欧洲经济区之外的附属公司共享您的个人数据。关于BCR的更多信息,请在此处查找。
- 我们仅在外部接收方(位于欧洲经济区之外)已经与我们签署了欧盟标准合同条款,或者在其组织中实施了约束性公司规则的情况下,才将个人数据转移给外部接收方。您可以通过联系[email protected]获取有关特定转移所实施的保障措施的进一步信息。
您的数据保护主管机关
如果涉及到数据隐私的问题和请求,我们鼓励您联系我们的数据隐私组织,邮箱为[email protected]。除了联系数据隐私组织外,您始终有权向有关的数据保护主管机关提出请求或投诉。
可在此处找到本地数据保护主管机关的列表和联系方式。
13) 处理根据巴西《通用数据保护法》进行
本节适用于以下情况,并为您提供进一步的信息:(i) 我们的一家公司进行的处理发生在巴西领土内,(ii) 涉及位于巴西领土内的个人数据,(iii) 包括在巴西领土内收集的个人数据,或者 (iv) 其目标是向位于巴西领土内的个人提供商品或服务。在这些情况下,巴西《通用数据保护法》(Lei Geral de Proteção de Dados – LGPD)适用于对您的个人数据的处理,以下是对本《数据隐私声明》的第2、5、6、9节所做的补充和/或偏离:
保留期限
根据巴西《通用数据保护法》第16条的规定,我们可以保留您的个人数据以遵守法律或监管义务(例如税务或商业法律下的保留义务),在法定诉讼时效期间,或者为了在司法、行政或仲裁程序中行使正常权利。
您的权利
除了本《数据隐私声明》中提到的权利外,根据巴西《通用数据保护法》(LGPD)的规定,您还有以下权利:
- 如果您认为您的数据未按照适用的数据保护法进行处理或处理过度,您可以要求我们对不必要或过度的个人数据进行匿名化、封锁或删除;
- 请求有关我们与您的个人数据共享的公共和/或私人实体的信息;
- 获知不同意处理您的数据的可能性,以及如果我们要求您同意处理您的数据而您不同意的后果;
在任何时候撤回您对我们处理您个人数据的同意,如果我们要求您同意处理您的数据。
处理的法律依据
巴西《通用数据保护法》要求我们向您提供有关处理您个人数据的法律依据的信息。
我们处理的法律依据是:
- 巴西《通用数据保护法》第7条第5款(”合同履行”);
- 巴西《通用数据保护法》第7条第2款(”遵守法律义务”);
- 巴西《通用数据保护法》第10条第1款和第2款(”合法利益”);
- 巴西《通用数据保护法》第7条第1款(”同意”)。
国际数据传输
根据巴西《通用数据保护法》第33条的要求,如果我们将您的个人数据转移到巴西领土以外,我们将确保以符合巴西《通用数据保护法》的方式保护您的数据,并遵循适用法律和相关机关的决定。
您的数据保护联系人
如果适用,您还可以通过[email protected]联系我们的巴西数据隐私组织。
14) 处理根据加拿大隐私法进行
位于加拿大的每个西门子公司( “西门子加拿大实体”)在安全服务器上保留您的个人数据,只有授权的员工、代表或代理人可以访问这些数据,以便实现本隐私声明中描述的目的。
魁北克居民请注意,您的个人数据可能会在魁北克省境外(即省际/领地外和加拿大境外)进行传输。
如果您对西门子加拿大实体如何处理您的个人数据有任何疑问,包括对其在加拿大境外使用服务提供商的使用方式,或者如果您希望行使您在西门子加拿大实体控制的个人数据方面的任何权利,您可以联系西门子加拿大隐私官员,邮箱为[email protected]。
15) 根据南非个人信息保护法的处理
对于位于南非的商业合作伙伴和用户,请注意以下内容:
根据2013年《个人信息保护法》(POPI)第1节的规定,“个人数据”或“个人信息”包括“与可识别的、现存的自然人相关的信息,以及适用的情况下,与可识别的、现存的法人相关的信息。”
南非合法处理个人数据的相应法律依据和条件包含在POPI的第8至第25节中,涉及“问责制”、“处理限制”、“目的明确”、“进一步处理限制”、“信息质量”、“公开”、“安全保障”和“数据主体参与”。
根据POPI的第69节规定,除非数据主体已经同意处理,或者在进一步条件下是负责方的现有客户,否则禁止通过任何形式的电子通信(包括自动呼叫机、传真机、短信或电子邮件)处理数据主体的个人信息,用于直接营销目的。
为了使数据主体行使其权利并进行与访问、反对和投诉个人数据处理相关的进一步查询和行使权利,南非信息监管机构的联系方式如下:
JD House, 27 Stiemens Street Braamfontein
Johannesburg
2001
PO Box 31533 Braamfontein
Johannesburg
2017
投诉:[email protected]
一般查询:[email protected]
16) 根据英国《2018年数据保护法》和英国GDPR的处理
如果您的个人数据由我们在英国境内的公司根据《2018年数据保护法》和/或英国GDPR(指2016年4月27日欧洲议会和理事会关于个人数据处理及其自由流动的保护自然人的法规(一般数据保护条例),根据《2018年欧盟(退出)法案》第3条的规定成为英格兰和威尔士、苏格兰和北爱尔兰法律的一部分)进行处理,本节适用并为您提供进一步信息。
数据控制者
在本隐私政策中描述的处理活动中,此页面上指定的具体公司是根据英国GDPR的数据控制者。
在与您的业务关系中,我们可能会与西门子的关联公司共享商业伙伴的联系信息。我们和这些西门子公司共同对您的个人数据的适当保护负有责任(根据英国GDPR第26条)。为了使您能够在这种共同控制情况下有效行使数据主体的权利,我们与这些西门子公司签订了协议,授予您根据本隐私政策第7节在德国西门子股份公司针对西门子股份公司行使数据主体权利的权利。
要行使您的权利,您可以联系:[email protected]。
处理的法律依据
英国GDPR要求我们向您提供关于处理您个人数据的法律依据的信息。
我们处理您的个人数据的法律依据是,此类处理是出于以下目的的必要性:
- 在我们与您订立的任何合同下履行我们的权利和义务(《英国GDPR》第6(1)(b)条)(“履行合同”);
- 遵守我们的法律义务(《英国GDPR》第6(1)(c)条)(“遵守法律义务”);和/或我们所追求的合法利益(《英国GDPR》第6(1)(f)条)(“合法利益”)。通常情况下,我们追求的合法利益是与我们使用您的个人数据有关的高效执行或管理(i)您对在线服务的使用,和/或(ii)我们与您的业务关系。在下表中,如果我们依赖我们的合法利益来实现特定目的,我们认为我们的合法利益不会被您的利益和权利所覆盖,鉴于(i)对处理活动的定期审查和相关文档,(ii)我们的数据隐私流程对您的个人数据的保护,(iii)我们提供的有关处理活动的透明度,以及(iv)您对处理活动的权利。如果您希望获取有关此平衡测试方法的进一步信息,请联系我们的数据隐私组织:[email protected]。
在某些情况下,我们可能会询问您是否同意相关使用您的个人数据。在这种情况下,我们处理 - 与您有关的数据的法律依据可能(除外或同时)是您已经同意(《英国GDPR》第6(1)(a)条)(“同意”)。
[post_id=”231381″]
国际数据转移
如果我们将您的个人数据转移到英国以外的地区,我们将确保以符合英国GDPR的方式保护您的数据。因此,如果适用法律要求,我们采取以下措施:
我们只会将个人数据转移到英国以外的收件人,如果该收件人(i)与我们签订了英国标准合同条款,或者(ii)在其组织中实施了约束性企业规则。您可以通过联系[email protected],请求有关特定转移所实施的保护措施的进一步信息。
您的数据保护主管机关
如果有与数据隐私相关的问题和请求,请联系我们的数据隐私组织,邮件地址为[email protected]。除了联系数据隐私组织外,您始终有权向有关的数据保护主管机关提出请求或投诉。
您可以在此处找到本地数据保护主管机关的列表和联系方式。
17) 对于美国居民的进一步信息
如果您是美国居民,请注意以下事项:
不跟踪
目前,我们的在线服务不识别或响应“不跟踪”浏览器信号。有关“不跟踪”的更多信息,请访问您的浏览器支持页面。
儿童使用
本在线服务不针对13岁以下的儿童。在适用法律要求的情况下,我们不会有意从13岁以下的儿童那里收集个人数据,除非他们事先获得父母的同意。我们将根据法律规定,只在法律允许的范围内使用或披露与儿童有关的个人数据,以寻求父母的同意,依据当地法律和法规或保护儿童的需要。
州级权利
根据您所居住的美国州的不同,您可能对个人数据拥有特殊权利。有关这些权利的信息,请点击此处。
18) 针对西门子员工的进一步信息
在西门子内部网站的页脚信息中提供了更多的西门子内部隐私通告(需要访问西门子内部网站)。