Notes according to Art. 13 GDPR

on the handling of personal data

The protection of personal data and in particular the implementation of the requirements of the European General Data Protection Regulation (GDPR) is of particular concern to Fujitsu.

With the following data protection information, we inform you about the processing of personal data by us, Fsas Technologies GmbH (hereinafter referred to as "Fsas Technologies" or “we”) in the context of our general business activities and for the purpose of providing services in the context of partner, customer, prospective customer, or supplier relationships as well as our Internet presences (websites and social media).

This data protection information is supplementary to the Fujitsu Global Privacy Policy, published by Fujitsu Ltd. Japan, applicable to Fujitsu Limited and its subsidiaries, which you can find here: https://www.fujitsu.com/global/about/resources/privacy/

If you would like an introduction to the topic of data protection and general information on the terms used in the General Data Protection Regulation, you will find a variety of further information on the website of the German Federal Data Protection Commissioner, available under https://www.bfdi.bund.de/DE/Datenschutz/datenschutz-node.html

1. Responsible for the processing of personal data

Responsible:
Fsas Technologies GmbH
Mies-van-der-Rohe-Straße 8
80807 München
Deutschland
Tel.: +49 (89) 62060-0

Data Protection Officer
Stefan Strobel
E-Mail: datenschutzbeauftragter@fujitsu.com

Address:

Fujitsu Germany GmbH
Stefan Strobel
Mies-van-der-Rohe-Straße 8
D-80807 München

Contact:
You can also use the following contact form: Kontakt

2. Purpose of collection, processing or use of personal data:

Fsas Technologies uses your personal data only to the extent necessary for certain purposes. As such we may collect, store and use your personal information for the purpose (i) to operate, manage, develop and promote our business (including our products, services and events) and, in particular, our relationship with the organisation you represent (if any) and related transactions, (ii) to protect our business from fraud, money-laundering, breach of confidence, security threats, theft of proprietary materials and other financial or business crimes; (iii) to comply with our legal and regulatory obligations; (iv) to bring and defend legal claims and assert legal rights; and (v) if the purpose is directly connected with an assigned purpose previously made known to you.

In the table below, you will find (i) an exemplary list of the collection and processing activities for which Fsas Technologies uses your personal data and (ii) an overview of the purposes and the corresponding legal bases.

Collection and processing activitiesPurpose and legal basis
Management of our business relationship and communication with you as a partner, customer, interested party, investor or supplier, e.g. to perform our contract with you or your company, for warranty, maintenance and support processes (as described in the " Warranty and Support-Services for products and solutions" section 7 below), or for accounting and billing/payment purposes (including to offer financing solutions to customers together with our finance partners)Justified based on a contract or pre-contractual measures (Art. 6 (1) (b) GDPR).
In case you visit our premises or Fujitsu controlled sites, please note that some of our premises have closed circuit TV (CCTV) systems and other security and access management systems which may record you and certain information about your visit for security and safety purposesJustified by our legitimate interest (Article 6(1)(f) GDPR.
Facilitating communication with you in emergencies, e.g. in respective product compliance processesJustified based on our legitimate interest in ensuring proper communication within the organization and dealing appropriately with emergencies (Article 6(1)(f) GDPR).
Statutory reporting obligations and participation in legal proceedingsnJustified by the need to comply with legal obligations to which we are subject (Article 6(1)(c) GDPR)..
Improving the security and functioning of our website, networks, and information - if necessary, if suspected, by tracking your use of our systemsJustified based on our legitimate interest in ensuring the security of our networks and information and avoiding infringements (Article 6(1)(f) GDPR).
Data analysis (i.e. analysis of business transactions and data) to describe, predict and improve economic performance within Fujitsu and/or to provide a better experience for the user; (for more details on how to perform analytics on our website, please refer to our (Cookie Policy: Fujitsu Global). Where Fujitsu offers the use of Google Maps, you are requested to give Fujitsu your consent to the integration of the Google Maps map (including integrated Google Fonts) on the dedicated website. This consent includes all applications on this website that integrate Google Maps (including integrated Google Fonts). Without your consent you cannot use the functionalities of this website related to Google Maps service.Justified based on our legitimate interest in ensuring the proper conduct of our business activities (Article 6(1)(f) GDPR). In case of Google Maps: Justified based on consent as a principle (Art. Article 6(1)(a) GDPR).
Marketing and advertising to you on our products and services (unless you have objected to processing for this purpose, as described in the "Marketing activities" section below), in particular (i) sending you commercial communication which is relevant and of use to you by using your contact data, exp. e-mail addresses, (ii) providing you with services or information that you may have requested, (iii) keeping you informed and updated on relevant products or services you may be interested in, (iv) enabling you to take part in our online assessments and/or surveys, (v) allowing you to obtain a copy of a whitepaper, (vi) to address you with an appropriate greeting, (vii) enabling you to attend a webinar, (viii) allowing to contact you by a Fujitsu representative for a specific reason, and (ix) enabling you to complete an event registration form or post event form to participate in events related to our products or services.Justified based on consent (Art. 6 (1)(a) GDPR), or legitimate interest (Article 6(1)(f) GDPR), where relevant in combination with § 7 para. 3 UWG for existing customers.
Managing and operating events and/or demonstrations of our actual or potential products and services;
for audio/video recordings during live/recordings of events (including virtual events/webinars): to inform interested stakeholders about the content of such events/recordings (including the online publication of such recordings for marketing purposes)		Based on your consent obtained before the event (Art. 6 (1)(a) GDPR).
When you apply for a job, we process your personal data as set out in the privacy notice of the Fujitsu Recruiting Portal or of the respective other recruiting platform you may use.Necessary to take steps at the request of the data subject prior to entering into a contract (Art. 6 (1) (b) GDPR).
 

Insofar as our legitimate interests constitute the legal basis for the processing of personal data for a specific purpose according to the table above, we have carried out a corresponding Legitimate Interest Assessment (LIA) in accordance with Article 6(1)(f) GDPR. If you would like to receive further information on this LIA approach, please contact Fujitsu's Data Protection Officer

As part of the above-mentioned processing activities, we may pass on personal data to third parties or processors in the following context:

  1. Other members of the Fujitsu group if this is necessary in connection with your employment or contract;
  2. Tax advisors and auditors of Fujitsu;
  3. External legal advisors;
  4. Insurance and pension service providers;
  5. IT service providers that process data as part of their service provision (such as service providers for IT maintenance activities or external IT service providers that process data as part of the provision of M365 services (e.g. MS Teams, MS SharePoint, MS Exchange, MS OneDrive, Viva Engage or similar));
  6. Third parties providing products and services: see Section 6
  7. Warranty and support-service providers for Fujitsu products and solutions: See section 7
  8. Marketing service providers;
  9. Travel service providers;
  10. Credit card providers;
  11. Print service providers;
  12. Scanning service providers;
  13. Training providers;
  14. Relocation service providers;
  15. Other service providers who process employee data on our behalf as part of supporting our business activities;
  16. Tax authorities;
  17. Third parties to whom Fujitsu is legally or regulatory obligated or where it is necessary to comply with applicable law to disclose data (including the opposing party in litigation); or
  18. For the establishment, exercise or defense of legal claims before courts, arbitration tribunals and competent regulatory and law enforcement authorities.
3. Joint Controller

Fsas Technologies GmbH and Fujitsu Germany GmbH, both Mies-van-der-Rohe-Straße 8, 80807 Munich are acting as Joint Controllers in the following activities:

  • Fujitsu Group-internal IT systems and IT-tools used for product related and for service business and
  • Marketing activities: use of contact data, esp. e-mail addresses for commercial communication (for further details please see the "Marketing activities" section below)
4. Description of the groups of persons concerned, the associated data or data categories and sensitive data:

The term "personal data" means personal data within the meaning of the definition of Art. 4 (1) GDPR. This is all information that relates to a natural person and with which this person can be identified directly or indirectly.

Within the framework of the procedures used data subjects from the following groups of persons are affected:

  • Customers, potential customers / interested parties
  • Suppliers
  • Commercial agents / partners of Fujitsu
  • Applicants when applying for a job offer

In its procedures, Fujitsu uses the following categories of personal data or data

  1. personal reference data (e.g. first name, surname, title, address
  2. Communication data (e.g. phone, e-Mail
  3. Contract-reference data (contractual relationship, interest in products and contract fulfilment
  4. Customer history
  5. Contract billing and payment data (e.g. bank details, account number or, if applicable, credit card number
  6. Information from third parties

 

Please do not send or share with us any sensitive personal information (e.g. information related to ethnic origin, political opinions, religion or other beliefs, health, sexual orientation, genetics, or biometric data, criminal background or trade union membership or any other personal information that may be considered sensitive), unless, in limited situations where we do request strictly necessary sensitive personal information from you, for example when we are undertaking due diligence and compliance checks on a supplier. We will only process sensitive personal information where we have a lawful basis to do so and in accordance with this data protection information.

5. Data transfer to third parties

Fujitsu works closely with its development, production, sales, marketing and service partners. The support of national and international customers, suppliers and business partners is provided by the sales and service organizations of Fujitsu worldwide, by the parent company Fujitsu Ltd. Japan as well as our subcontractors or suppliers.

Prior to each and any onward transfer, we take the necessary steps to ensure that your personal data is adequately protected in accordance with the relevant data protection laws.

Unless otherwise notified, a transfer of your personal data from the European Economic Area (EEA) to third parties outside the EEA is based on an adequacy decision or is subject to the EU Standard Contractual Clauses. You can get a copy via the above contact addresses. Any other cross-border transfer of your personal data not related to the EEA will be carried out in accordance with the relevant international data transfer mechanisms and security measures under Article 46 GDPR. In this case, it is possible that the transmitted data will be processed by local authorities.

6. emptyProducts and services of third parties

Where Fujitsu offers products or services of third parties or where Fujitsu provides warranty and support services for third-party products under its own responsibility in accordance with a Fujitsu product or service data sheet , Fujitsu and such third party providers may collect and use personal data and related information, including, but not limited to, technical information about devices, systems, related software, services, or peripherals associated with the third party service use and potential further products provided under a separate agreement with the third party provider. Data collected may be used for purposes of facilitating the provision of updates, license authentication, maintenance, and analytics consistent with the then current privacy policy of the third party provider. Please let us know in case you need support to get access to such privacy policies.

While providing third party offerings, your personal data may be transferred to regions outside the EU/EEA (e.g. for 24/7 service provision by the third party). In such case and unless otherwise notified, a transfer of your personal data from the European Economic Area (EEA) to third parties outside the EEA is based on an adequacy decision or is subject to the EU Standard Contractual Clauses. In case of questions please contact us via the contact address, given above. Any other cross-border transfer of your personal data outside the EEA will be carried out in accordance with the relevant international data transfer mechanisms and security measures under Article 46 GDPR. In this case, it is possible that the transmitted data will be processed by local authorities.

7. Warranty and support-services for products and solutions

Fsas Technologies as data controller uses the contact data, such as contact person, telephone number / mobile phone number / e-mail address for customer service, i.e. in particular to advise and answer your questions and to remedy service incidents. The following partners are involved in warranty and support services:

  1. Fujitsu Technology Solutions Spzoo, Poland
  2. Fujitsu Technology Solutions, Lda, Portugal
  3. Fujitsu Consulting India Private Limited, India
  4. Local, customer specific service partner and sales partner
  5. Fujitsu Ltd. Japan and Fsas Technologies Inc. Japan for back level support
  6. The respective product manufacturers as part of their product responsibility as suppliers
  7. Cupola Teleservices Limited, Dubai, UAE
  8. MDX Solutions Middle East, Dubai, UAE
  9. FINIX Technology Solutions SPA, Italy
  10. Innovaway SPA, Italy
  11. CoCre8 Core (PTY) Ltd, South Africa
  12. Foundever Magyarország Kft., Hungary

8. Marketing activities

We use communication data, in particular e-mail addresses, for commercial communication, including via social media, with our existing or potential customers and partners.

a. Responsible for the processing of personal data

To the extent direct advertising is based on consent, e.g. in the context of an e-mail newsletter the necessary information is your e-mail address, your name and your company/organization. To register for such marketing communication, we use the so-called double opt-in procedure. This means that after your registration we will send you an e-mail to the specified e-mail address in which we ask you for confirmation. In addition, we store your IP addresses and times of registration and confirmation. The purpose of this procedure is to be able to prove your registration. In addition, we refer to the following explanations on the use and acquisition of information in connection with a social media environment.

To the extent as business cards are handed over to us, we store the contact details of the interlocutors with us and use this data for marketing purposes within the scope of the legally permissible possibilities.

Of course, you can revoke your advertising consent to Fsas Technologies at any time with effect for the future. You can revoke this by clicking on the link provided in each newsletter e-mail, by e-mail to unsubscribe-de@ts.fujitsu.com or by sending a message to the contact details of the Responsible provided above.

Furthermore, you can assert your rights as a data subject, as described in the section "14. Your rights".

As soon as the purposes described in the declaration of consent cease to apply or you revoke your consent with effect for the future as described above, we will delete your data.

Our Account Engagement (Pardot) emails contain a tracking code that uses JavaScript from Pardot, a Salesforce cloud service, to track the opening of emails, clicks, and other recipient interactions with email content, storing this data within Pardot. This data is used to measure and improve the effectiveness of our email communications and to personalize our marketing efforts.

c. Social Media

If you interact with us through social media services, we may be able to access certain information about such interaction. We make reasonable efforts to ensure that the social media providers have permission from you to allow us to access certain information about you. Please note that we are not responsible the way social media service providers handle your personal information that they may collect from you, as this is their responsibility. For instance, our website may use plugins of social media networks such as X (formerly known as Twitter), Facebook, and LinkedIn or the other social media network’s plugins in particular countries or regions. If you use one of these plugins, these plugins can establish a direct connection between your browser and the sites of the respective social media networks. As this transfer takes place directly between your browser and the respective network, Fsas Technologies does not have any access, knowledge or control over any data sent or the use of this data within the respective social media networks. If you make use of a social media network and make content available to such networks, this is not covered by this privacy information. Instead, the terms of use and privacy policies of the respective operators of those social media networks shall apply to any such content. We encourage you to read the privacy policies and terms and conditions of your social media service providers to understand how they handle your personal information.

9. Photography and filming

To the extent photos are taken by Fsas Technologies at trade fairs and events, we will point this out in advance and obtain the consent of the persons concerned if we want to photograph individual persons. If we create photos in which you are photographed with several other people, e.g. in a group, in panoramic shots or similar shots, we ask you to contact us if your person is to be made unrecognizable. This data will be stored until the purposes described in the declaration of consent cease to apply or you revoke your consent with effect for the future.

10. Visiting our website or web-based platform

We may make web-based platforms available to our partners, customers and suppliers and such platforms may collect your personal information if you use such platforms. This privacy information applies to such personal information collected during the registration process and/or during the use of such platforms.

When you are visiting our website or web-based platforms for information, without registering or logging in, we may nonetheless collect data which may include personal data from you, through your browser, such as::

  • IP address and corresponding network location
  • Exact time (including time zone) of your request
  • Metadata and contents of your request
  • Details of your browser and operating systeem

 

This enables our server maintenance and security team to analyse errors and potential threats in real time. The legal basis for this processing of your data is Article 6(1)(f) GDPR, which allows the processing of data for our legitimate interests, that is technically required to ensure a stable, secure and functioning website. This data is deleted after 90 days.

11. Information use and information gathering in conjunction with a social media environmentn

The wikis and blogs operated by Fujitsu or Fsas Technologies itself are subject to Fujitsu's privacy and security regulations. This applies to Blog/Wiki, blog.de.fujitsu.com, Datenschutz bei Fujitsu, Yammer

In addition, Fujitsu and/or Fsas Technologies use social media environments such as Xing, X (formerly Twitter), Facebook, LinkedIn, etc. to gather information

Social Media Network

SiteData protection policy
X (formerly Twitter)twitter.comData protection at X
XINGxing.comData protection at XING
Googlegoogle.deData protection at Google
YouTubeyoutube.comData protection at Youtube
Facebookfacebook.com Data protection at Facebook
LinkedInlinkedin.comData protection at LinkedIn
Slideshareslideshare.netData protection at Slideshare
Instagraminstagram.comData protection at Instagram
Flickrflickr.comData protection at Flickr

 

To process enquiries sent to Fsas Technologies via its social network presences, Fsas Technologies processes the personal data that you have sent to the respective social network. The processing of your data is necessary to process your request (Art. 6 (1) (b) GDPR). Depending on the content of the request, the processing will be limited to processing for the specific purpose of the request (e.g. interest in advertising our services)

12. Salesforce

We use Salesforce Inc's cloud platform to manage our customer and potential customer portfolio. To do so, we must collect and process certain personal data from you. Such personal data can include your contact details (e.g. name, email), account creation details (e.g. username, password, security questions) as well as details about your relationship with us (interest in products and services, previous purchase history). The legal basis for the processing is Article 6 (1)(b) GDPR and Article 6 (1)(f) GDPR under which it is within our legitimate interests to implement an efficient method of managing our customers as well as with consent under Art 6 (1)(a) GDPR.

13. How long does Fsas Technologies store your data?

Fsas Technologies processes and stores its personal data within the scope of what is necessary for the duration of our business relationship, which includes, for example, the initiation and processing of a contract as well as the regular limitation period of 3 years to defend against or assert legal claims.

In addition, Fsas Technologies is subject to various storage and documentation obligations arising from, among other things, the German Commercial Code (HGB) or the Tax Code (AO). The retention periods mentioned there are 6 to 10 years. During this time, the processing of the data is restricted. For example, accounting documents relevant to commercial or tax law are stored for 10 years and contract- and tax-relevant documents for at least 6 years.

In legal matters, the associated data is stored for at least 6 years, in the case of enforcement titles, the storage period can be up to 30 years due to the statute of limitations.

Please note: To protect your personal data against accidental or unlawful destruction, loss, use, or alteration and against unauthorized disclosure or access, we use adequate physical, technical and organizational security measures.

The security, integrity and confidentiality of your personal information is extremely important to us. We have implemented technical, administrative, and physical security measures that are designed to protect your personal information from unauthorized access, disclosure, use and modification. We regularly review our security procedures to consider appropriate new technology and methods to protect information we hold.

We will delete your personal information when we no longer need such personal information, for instance where:

  1. it is no longer necessary for us to retain your personal information to fulfil the purposes for which we had collected it;
  2. we believe that your personal information that we hold is inaccurate; or
  3. in certain cases where you have informed us that you no longer consent to our processing of your personal information.

 

Sometimes, however:

  1. there are legal or regulatory requirements which may require us to retain your personal information for a specified period, and in such cases, we will retain your personal information for such specified period; an
  2. we may need to retain your personal information for certain longer periods for product liability purposes or in relation to legal disputes, and in such cases, we will retain it for such longer periods to the extent required.

 

Note that we may retain some limited information about you even when we know that you have left the organization that you represent, so that we can maintain a continuous relationship with you if and when we are in contact with you again, representing a different organization.

14. Your rights

As a data subject, you have the right to information pursuant to Article 15 GDPR, the right to rectification pursuant to Article 16 GDPR, the right to erasure pursuant to Article 17 GDPR, the right to restriction of processing pursuant to Article 18 GDPR and the right to data portability pursuant to Article 20 GDPR. The restrictions of §§ 34, 35 BDSG apply to the right to information and the right to erasure.

In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG). You have the right to lodge a complaint with a supervisory authority of the member state of your habitual residence, place of work or place of the alleged infringement if you believe that the collection and processing of your personal data violates data protection laws.

If we use your personal data, in particular the e-mail address for marketing activities / commercial communication, you can object to this use at any time, e.g. via the contact details mentioned above.

For further descriptions and explanations on data protection and how you can assert your rights against Fsas Technologies, please refer to our Privacy Policy, which we have published on the Internet.

The Fsas Technologies data protection officer will be happy to answer any questions you may have. To do so, please contact us using the contact details given above./p>

Further information and explanations on the rights mentioned can be found on the websit of the European Commission as well as at:

Bayerisches Landesamt für Datenschutzaufsicht
Promenade 27 (Schloss)
91522 Ansbach
Telefon: 0981/53-1300
Telefax: 0981/53-5300

E-Mail: poststelle@lda.bayern.de - Homepage: http://www.lda.bayern.de/

An overview of the national and international data protection authorities can be found here.

Munich; March 12, 2025