Notes according to Art. 13 GDPR

on the handling of personal data

The protection of personal data and in particular the implementation of the requirements of the European General Data Protection Regulation (GDPR) is of particular concern to Fujitsu.

With the following data protection information, we inform you about the processing of personal data by us, Fujitsu Technology Solutions GmbH (hereinafter referred to as "Fujitsu") in the context of our general business activities and for the purpose of providing services in the context of partner, customer, prospective customer, or supplier relationships as well as our Internet presences (websites and social media).

1. Responsible for the processing of personal data

Responsable:

Fujitsu Technology Solutions GmbH
Mies-van-der-Rohe-Straße 8
80807 München
Deutschland
Tel.: +49 (89) 62060-0

Data protection supervisor

Fujitsu Technology Solutions GmbH
Mies-van-der-Rohe-Straße 8
80807 München
E-Mail: Datenschutzbeauftragter@ts.fujitsu.com


Contact:
You can also use the following contact form: Contact

Please also note the joint responsibility supplement in the section: "Marketing activities: use of contact data, esp. E-mail addresses for commercial communication"

2. Purpose of collection, processing or use of data:

Fujitsu uses your personal data only to the extent necessary for certain purposes. In the table below, you will find (i) a list of the collection and processing activities for which Fujitsu uses your personal data and (ii) an overview of the purposes and the corresponding legal bases.

Collection and processing activitiesPurpose and legal basis
Management of our business relationship and communication with you as a partner, customer, interested party or supplier
Support and manage your visits to our sites
Justified based on a contract or pre-contractual measures or based on your initiative or wish (Art. 6 para. 1 sentence 1 letter b GDPR).
Facilitating communication with you in emergenciesJustified based on our legitimate interest in ensuring proper communication within the organization and dealing appropriately with emergencies (Art. 6 para. 1 sentence 1 letter f GDPR).
Statutory reporting obligations and participation in legal proceedingsJustified by the need to comply with legal obligations to which we are subject
Improving the security and functioning of our website, networks, and information - if necessary, if suspected, by tracking your use of our systemsJustified based on our legitimate interest in ensuring the security of our networks and information and avoiding infringements (Art. 6 para. 1 sentence 1 letter f GDPR).
Data analysis (i.e. analysis of business transactions and data) to describe, predict and improve economic performance within Fujitsu and/or to provide a better experience for the user; (for more details on how to perform analytics on our website, please refer to our (Cookie Policy : Fujitsu Global).Justified based on our legitimate interest in ensuring the proper conduct of our business activities (Art. 6 para. 1 sentence 1 letter f GDPR).
Advertising to you on our products and services (unless you have objected to processing for this purpose, as described in the "Marketing activities" section below: Use of contact data, esp. E-mail addresses for commercial communication").Advertising to you on our products and services (unless you have objected to processing for this purpose, as described in the "Marketing activities" section below: Use of contact data, esp. E-mail addresses for commercial communication"). Justified based on consent as a principle (Art. 6 para. 1 sentence 1 letter a GDPR), or legitimate interest (Art. 6 para. 1 sentence 1 letter f GDPR) and § 7 para. 3 UWG for existing customers.
For audio/video recordings during live/recordings of events (including virtual events/webinars): to inform interested stakeholders about the content of such events/recordings (including the online publication of such recordings for marketing purposes)For audio/video recordings during live/recordings of events (including virtual events/webinars): to inform interested stakeholders about the content of such events/recordings (including the online publication of such recordings for marketing purposes) Based on your consent obtained before the event (Art. 6 para. 1 sentence 1 letter a GDPR).
 

Insofar as our legitimate interests constitute the legal basis for the processing of personal data for a specific purpose according to the table above, we have carried out a corresponding balancing of interests in accordance with Article 6 (1) sentence 1 (f) GDPR. If you would like to receive further information on this balancing approach, please contact Fujitsu's Data Protection Officer (see: point 1)

As part of the above-mentioned processing activities, we may pass on personal data to third parties or processors who provide the following services:

- Accounting, payment processing, customer service, email delivery, advertising and marketing, security and operational monitoring, account maintenance and servicing, processing or execution of orders and transactions, verification of customer information, research, data hosting and auditing

- Protecting and safeguarding the legal rights and security of Fujitsu, our affiliates, our users and/or the public, including protection against fraud and malicious activity.

Detailed information on warranty and support services can also be found under point 5.

If, in connection with a data protection declaration, you are asked to click, mark or activate buttons, checkboxes or functions such as e.g "I agree", "I accept" or similar wording and you comply with this request, you thereby declare your consent to the processing of your personal data. You have the right to withdraw your consent at any time without affecting the lawfulness of the processing carried out based on the consent until the revocation.

3. Description of the groups of persons concerned and the associated data or data categories:

The term "personal data" means personal data within the meaning of the definition of Art. 4 No. 1 GDPR. This is all information that relates to a person (a natural person) and with which this person can be identified directly or indirectly.

The term "personal data" means personal data within the meaning of the definition of Art. 4 No. 1 GDPR. This is all information that relates to a person (a natural person) and with which this person can be identified directly or indirectly.

  1. Customers, potential customers/ interested parties,
  2. Suppliers,
  3. Commercial agents / Partners of Fujitsu.

In its procedures, Fujitsu uses the following categories of personal data or data

  1. personal reference data (e.g. First name - surname, title, address)
  2. Communication data (e.g. Phone, E-Mail)
  3. Contract-reference data (contractual relationship, interest in products and contract fulfilment)
  4. Customer history
  5. Contract billing and payment data (e.g. bank details, account number or, if applicable, credit card number)
  6. Information from third parties
4. Data transfer to third parties

Fujitsu works closely with its development, production, sales, and service partners. The support of national and international customers, suppliers and business partners is provided by the sales and service organizations of Fujitsu worldwide, by the parent company Fujitsu Ltd. Japan as well as our subcontractors or suppliers.

As part of its own IT infrastructure, Fujitsu also works with IT service providers, and in particular cloud service providers, based on order processing contracts.

Furthermore, in connection with a business or economic transaction, we may share your personal data with our service providers, professional consultants, public and government authorities or third parties, which may be in other countries. Prior to onward transfer, we take the necessary steps to ensure that your personal data is adequately protected in accordance with the relevant data protection laws.

Unless otherwise notified, a transfer of your personal data from the European Economic Area (EEA) to third parties outside the EEA is based on an adequacy decision or is subject to the EU Standard Contractual Clauses. You can get a copy via the above contact addresses. Any other cross-border transfer of your personal data not related to the EEA will be carried out in accordance with the relevant international data transfer mechanisms and security measures under Article 46 GDPR. In this case, it is possible that the transmitted data will be processed by local authorities.

5. Warranty- and Support-Services

We use the contact data, such as contact person, telephone number / mobile phone number / e-mail address for customer service, i.e. in particular to advise and answer your questions and to remedy service incidents. The following partners are involved in warranty and support services:

  1. Fujitsu Technology Solutions Spzoo, Poland and
  2. Fujitsu Technology Solutions, Lda, Portugal for Service Desk Services
  3. Fujitsu Technology Solutions Spzoo, Poland for 2nd –Level-Support to Primergy-Products
  4. Fujitsu Consulting India Private Limited, India for Warranty Claim Management
  5. Local, customer specific service partner and sales partner
  6. Fujitsu Ltd. Japan for Back level Support
  7. The respective product manufacturers as part of their product responsibility as suppliers.

Customers or support assignments outside of Germany are also involved in the following partners in a region-specific supplement or replacement:

  • Cupola Teleservices Limited, Dubai, UAE
  • FINIX Technology Solutions SPA, Italy
  • Innovaway SPA, Italy
  • CoCre8 Core (PTY) Ltd, South Africa
  • Sykes Közép-Európa Telekommunikációs Szolgáltató kft, Hungary

We store this data as long as the customer relationship exists.

6. Marketing activities: Use of contact data, especially E-Mail addresses for commercial communication

a. Responsible for the processing of personal data

Joint controllers for the processing of their personal data are Fujitsu Technology Solutions GmbH and Fujitsu Services GmbH, both Mies-van-der-Rohe-Straße 8, 80807 Munich.

b. Marketing activities / use of contact data and E-Mail addresses for commercial communication

The direct advertising for products, services, offers and events of Fujitsu by sending flyers or other information with special offers by post is based on Art. 6 para. 1 sentence 1 letter f GDPR.

Direct advertising in the context of an e-mail newsletter is based on consent (Art. 6 para. 1 sentence 1 letter a GDPR, § 7 para. 2 no. 3 UWG) or is based on Art. 6 para. 1 sentence 1 letter f GDPR in.m conjunction with § 7 para. 3 UWG for existing customers. Necessary information is your e-mail address, your name and your company/organization. To register for our marketing communication, we use the so-called double opt-in procedure. This means that after your registration we will send you an e-mail to the specified e-mail address in which we ask you for confirmation. In addition, we store your IP addresses and times of registration and confirmation. The purpose of this procedure is to be able to prove your registration. In addition, we refer to the following explanations on the use and acquisition of information in connection with a social media environment.

Direct advertising in the context of an e-mail newsletter is based on consent (Art. 6 para. 1 sentence 1 letter a GDPR, § 7 para. 2 no. 3 UWG) or is based on Art. 6 para. 1 sentence 1 letter f GDPR in.m conjunction with § 7 para. 3 UWG for existing customers. Necessary information is your e-mail address, your name and your company/organization. To register for our marketing communication, we use the so-called double opt-in procedure. This means that after your registration we will send you an e-mail to the specified e-mail address in which we ask you for confirmation. In addition, we store your IP addresses and times of registration and confirmation. The purpose of this procedure is to be able to prove your registration. In addition, we refer to the following explanations on the use and acquisition of information in connection with a social media environment.

Insofar as business cards are handed over to us, we store the contact details of the interlocutors with us and use this data for marketing purposes within the scope of the legally permissible possibilities. Of course, you can declare your advertising revocation to Fujitsu at any time. You can revoke this by clicking on the link provided in each newsletter e-mail, by e-mail to unsubscribe-de@ts.fujitsu.com or by sending a message to the contact details provided above.

Furthermore, you can revoke your consent under data protection law at any time for the future and assert your rights as a data subject, as described in the section "Your rights". As soon as the purposes described in the declaration of consent cease to apply or you revoke your consent with effect for the future as described above, we will delete your data.

Jointly responsible for the marketing activities are Fujitsu Technology Solutions GmbH and Fujitsu Services GmbH, both Mies-van-der-Rohe-Straße 8, 80807 Munich, which have concluded an agreement in accordance with Art. 26 GDPR. According to this agreement, both controllers jointly decide when which marketing activities and related processing of personal data take place. Each company is then solely responsible for the conclusion of the contract. The central point of contact for you is Fujitsu Technology Solutions GmbH.

7. Photography and filming

Insofar as photos are taken by Fujitsu at trade fairs and events, we will point this out in advance and obtain the consent of the persons concerned if we want to photograph individual persons. If we create photos in which you are photographed with several other people, e.g. in a group, in panoramic shots or similar shots, we ask you to contact us if your person is to be made unrecognizable. This data will be stored until the purposes described in the declaration of consent cease to apply or you revoke your consent with effect for the future.

8. Information use and information gathering in conjunction with a social media environment

The wikis and blogs operated by Fujitsu itself are subject to Fujitsu's privacy and security regulations. This applies to Blog/Wiki, blog.de.fujitsu.com, Datenschutz bei Fujitsu
Yammer

In addition, Fujitsu uses social media environments such as Xing, Twitter, Facebook, LinkedIn, etc. to gather information.

Social Media NetworkSelect / LinkPrivacy Policy
Twittertwitter.comPrivacy policy of Twitter
XINGxing.comPrivacy policy of XING
Googlegoogle.comPrivacy policy of Google
YouTubeyoutube.comPrivacy policy of Youtube
Facebookfacebook.comPrivacy policy of Facebook
LinkedInlinkedin.comPrivacy policy of LinkedIn
Slideshareslideshare.netPrivacy policy of Slideshare
Instagraminstagram.comPrivacy policy of Instagram
Flickrflickr.comPrivacy policy of Flickr
Fujitsu Blog/Wikiblog.de.fujitsu.comPrivacy policy of Fujitsu
9. Microsoft 365

The communication data of all employees in the company are available to the employees Fujitsu-wide, and thus also in third countries. In addition, Fujitsu offers customers, partners, and suppliers to contact Fujitsu via Microsoft 365. In this case, too, their communication data is available to employees Fujitsu-wide, and thus also in third countries. Fujitsu employees are free to block the visibility of their contact and presence data.

10. How long does Fujitsu store your data?

Fujitsu processes and stores its personal data within the scope of what is necessary for the duration of our business relationship, which includes, for example, the initiation and processing of a contract as well as the regular limitation period of 3 years to defend against or assert legal claims.

In addition, Fujitsu is subject to various storage and documentation obligations arising from, among other things, the German Commercial Code (HGB) or the Tax Code (AO). The retention periods mentioned there are 6 to 10 years. During this time, the processing of the data is restricted. For example, accounting documents relevant to commercial or tax law are stored for 10 years and contract- and tax-relevant documents for at least 6 years.

In legal matters, the associated data is stored for at least 6 years, in the case of enforcement titles, the storage period can be up to 30 years due to the statute of limitations.

11. Your rights:

As a data subject, you have the right to information pursuant to Article 15 GDPR, the right to rectification pursuant to Article 16 GDPR, the right to erasure pursuant to Article 17 GDPR, the right to restriction of processing pursuant to Article 18 GDPR and the right to data portability pursuant to Article 20 GDPR. The restrictions of §§ 34, 35 BDSG apply to the right to information and the right to erasure.

In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG). You have the right to lodge a complaint with a supervisory authority of the Member State of your habitual residence, place of work or place of the alleged infringement if you believe that the collection and processing of your personal data violates data protection laws. If we use your personal data, in particular the e-mail address for marketing activities / commercial communication, you can object to this use at any time, e.g. via the contact details mentioned below.

For further descriptions and explanations on data protection and how you can assert your rights against Fujitsu, please refer to our Privacy Policy, which we have published on the Internet.

The Fujitsu data protection officer will be happy to answer any questions you may have. To do so, please contact us using the contact details given above.

Further information and explanations on the rights mentioned can be found on the website "Rights for Citizens" of the European Commission as well as at as at:

Bayerisches Landesamt für Datenschutzaufsicht
Promenade 27 (Schloss)
91522 Ansbach
Telefon: 0981/53-1300
Telefax: 0981/53-5300

E-Mail: poststelle@lda.bayern.de - Homepage: http://www.lda.bayern.de

An overview of the national and international data protection authorities can be found here.

Munich; April 2022