Information on the handling of personal data

Fujitsu is put very high value on the protection of personal data and in particular the implementation of the requirements of the General Data Protection Regulation (GDPR).

With the following data protection information we inform you about the processing of personal data by Fujitsu Technology Solutions GmbH (hereinafter referred to as "Fujitsu") within the scope of our business activities and for the purpose of providing services within the frame of employee, customer or supplier relationships.

Who is responsible for data processing?

Fujitsu Technology Solutions GmbH
Mies-van-der-Rohe-Straße 8
80807 Munich
Tel.: +49 (89) 62060-0
Feel free to use the following contact form: Kontakt

Which personal data do we process?

The term "personal data" refers to personal data as defined in Art. 4 No. 1 GDPR. This is all information that relates to a person (a natural person) and with which this person can be identified directly or indirectly.

Employees and temporary workers of Fujitsu will find further information in the current CE data protection information for employees under the following link: CE Datenschutzinformation 

The following applies to all persons in contact with us, in particular contact persons of our customers, suppliers and business partners: The decisive purpose of collecting, processing and using personal data is the business purpose of Fujitsu.

Purpose of the collection, processing or use of data: Business purpose

In addition to contact data such as name, address, telephone number and e-mail address, we generally process information such as bank details and payment details as well as any other personal and professional details that may be relevant to the provision of the service, within the framework of our general business activities and for the purpose of providing the service based thereon. In many cases it is not possible or proportionate in the context of our activities to work with anonymised or pseudonymised data. We are also obliged by law to process certain personal data relating to a person, e.g. to implement obligations under the Money Laundering Act. In the following, we will gladly provide you with more specific information on our various activities.

The objectives and as such the business purpose of Fujitsu are

  1. (i) To develop, produce and distribute computers and software as well as
  2. (ii) To provide all services connected with computers and software, which are developed, produced or distributed by the Company or third parties.

Fujitsu shall carry on all or any business and shall take all or any measures, which are directly or indirectly beneficial for its objectives. The business purpose is guiding for the collection, processing and use of any personal data by Fujitsu, in close cooperation with its development, manufacturing, distribution and service partners.

The support of international customers , suppliers and business partner is ensured by the global sales and service organizations of Fujitsu as well as by the ultimate parent company Fujitsu Ltd, Japan

Any data collection, processing and use of personal data takes place on the basis of legal regulations or in order to fulfil the purposes specified above

The collection, processing and use of personal data takes place on the basis of legal provisions or to fulfil the above-mentioned purposes.


We use the contact data, such as contact person, telephone number / mobile phone number / e-mail address for customer support, i.e. in particular to advise and answer your questions and to resolve service incidents.

The following partner participate in the provision of warranty services:

  1. Fujitsu Technology Solutions Spzoo, Poland and
    Fujitsu Technology Solutions, Lda, Portugal for service desk services
  2. Fujitsu Consulting India Private Limited, India for Warranty Claim Management
  3. Global Data Consulting & Services, LLC, Russian Federation, for 2nd Level Support for PRIMERGY Products, local customer specific service and sales partner
  4. The dedicated product manufacturer within its product liability and warranty as supplier.
Marketing activities/use of addresses and e-mail addresses for commercial communication

Direct marketing for new or further offers from Fujitsu by sending flyers or special offers by post is based on Art. 6 para. 1 sentence 1 lit. f GDPR.

Direct marketing as part of an e-mail newsletter is based on consent (Art. 6 para. 1 sentence 1 lit. a GDPR, § 7 para. 2 no. 3 German Unfair Competition Act ( UWG)) or for existing customers is based on Art. 6 para. 1 sentence 1 lit. f GDPR in conjunction with § 7 para. 3 UWG. In addition, we refer to the following comments on the use and retrieval of information in connection with a social media environment.

If business cards are handed over to us, we store the contact data of the business card owners and use this data within the framework of the legally permissible possibilities for marketing purposes. You can, of course, withdraw your marketing consent by notification to Fujitsu at any time. For further information, please see below under "Your rights".

Films and photos

If Fujitsu takes photos at trade fairs and events, we will point this out in advance and obtain the consent of the persons concerned if we want to take photos of individual persons. Should we take photographs of you with several other persons, e.g. in a group, in panoramic shots or similar shots, please contact us if you wish to be made unrecognisable.

Skype Federation
The communication contact data of all employees of the company are available to Fujitsu employees throughout Fujitsu and thus also in third countries. In addition, Fujitsu offers partners the opportunity to contact Fujitsu via Skype Federation. Fujitsu employees are free to block the visibility of their contact and presence data.
Legal basis for the processing of personal data by Fujitsu

In general Fujitsu derives the legal basis for its data processing from Article 6 GDPR. In particular, these are the following principles in accordance with Fujitsu's business purpose

  1. Fujitsu processes your personal data as necessary for the performance of a contract or in order to take steps prior to entering into a contract (See Article 6 (1) lit. b GDPR)
  2. Fujitsu processes your personal data as necessary for compliance with a legal obligation. (See Article 6 (1) lit. c GDPR)
  3. Fujitsu processes your personal data in the legitimate interest of Fujitsu or a third party if this is necessary and equivant. (See Article 6 (1) lit. f GDPR). The legitimate interests of Fujitsu result from the business purpose as described above and
  4. Fujitsu processes your personal data wherever necessary and possible on the basis of consent (See Article 6 (1) lit a GDPR)
Description of the affected groups of persons and the related data or data categories:

On request, we are more than glad to inform you of the procedures in which your data is possibly saved and which data is involved in each individual case.

The systems and processes of Fujitsu affect the following groups

  1. Customers, prospective customers, subscribers
  2. suppliers,
  3. consultants and partners,
  4. employees and applicants as well as in dedicated cases former employees of Fujitsu

In its systems and processes Fujitsu mostly uses the following categories of data or data:

  1. Personal master data (e.g. first name, last name, title, address)
  2. Communication data (e.g. telephone, e-mail)
  3. Contract master data (contractual relationship, interest in the product and performance of the contract)
  4. Customer history
  5. Contract billing and payment data (e.g. bank details, account number or, if applicable, credit card number)
  6. Planning and control data
  7. Information details of third parties (e.g. credit agencies or public registers)

In a very limited scope (mainly related to the employment relationship between employees and Fujitsu) Fujitsu also collects, stores, processes and uses special categories of personal data in accordance with Article 9 GDPR within the legally prescribed framework

Fujitsu works with IT service providers, especially cloud service providers, within its own IT infrastructure as well as in the CRM and service environment.

If and to the extent Fujitsu is able to access or have access to the data of its customers during the performance of its services, this shall be based only on the service agreement and the corresponding data protection regulations, and Fujitsu works strictly in accordance with the instructions and on behalf of the customer. The specifications regarding groups of persons, type of data, data categories and, if applicable, special categories of personal data shall be determined by the Fujitsu customer.

Recipients or categories of recipients to whom the data might be disclosed:

Public authorities, where legally required, service providers and suppliers in the context of order data processing or on the basis of legitimate interest.

Transfer of data to third countries (countries outside EEA):

The communication data of all employees of the company are available to Fujitsu employees throughout Fujitsu and thus also in third countries.

Data from customers, suppliers and service providers are only communicated or passed on on the basis of legal regulations.

In principle, data is transferred to recipients in third countries on the basis of suitable guarantees

Use and Gathering of information in connection with social media environments

Fujitsu uses social media networks such as Xing, Twitter, Facebook, Linkedin, Google+, to gather information.

These plug-ins are recognizable by a logo or an appropriate addition of the respective platform. If you call one of our pages with one of these plug-ins, they are able to establish a direct connection between your browser and the corresponding pages of the respective social media network.

Since this transmission takes place directly between your browser and the respective network, Fujitsu has no access to or knowledge of the data transmitted as a result. However, the fact that you have accessed the relevant page and are interested in a Fujitsu product or information is usually transmitted.

If you are logged in to one of these platforms at the same time or later log in to the respective social media network, the plug-ins are able to automatically link this information to your respective account. This information is allocated to an individual natural person. The same applies if you use plug-ins (e.g. "I like") or make comments. For example, if you activate an approving button such as "Like" with one click or make comments, the following data can generally be transferred, depending on the operator of the social media network, e.g:

  • IP address
  • Browser information and operating system
  • Screen resolution
  • Installed browser plug-ins, such as Adobe Flash Player
  • Visitor origin, if you followed a link (referrer)
  • URL of the current site

The wikis and blogs operated by Fujitsu itself are subject to Fujitsu's data protection and security regulations.

However, Fujitsu has no influence on the use of this data in the respective social media network. If you make content (such as pictures, information, contact information, your personal opinion, or other types of personal information) available to participants on any of the above social media networks or platforms, this is not covered by Fujitsu's privacy policy. The terms of use and data protection of the respective operators apply to such content.

The platforms (plug-ins) used by Fujitsu and their respective data protection declarations are listed in the following overview for your information. Please familiarize yourself with your personal rights and obligations and those of the respective social media platforms.

Social Media NetworkSelect / LinkPrivacy Policy
Twittertwitter.comPrivacy policy of Twitter
XINGxing.comPrivacy policy of XING
Googlegoogle.comPrivacy policy of Google
YouTubeyoutube.comPrivacy policy of Youtube
Facebookfacebook.comPrivacy policy of Facebook
LinkedInlinkedin.comPrivacy policy of LinkedIn
Slideshareslideshare.netPrivacy policy of Slideshare
Instagraminstagram.comPrivacy policy of Instagram
Flickrflickr.comPrivacy policy of Flickr
Fujitsu Blog/ policy of Fujitsu
Technical and organizational measures

Fujitsu takes all appropriate technical and organizational measures to protect the personal data and information it has stored.

Depending on the specific service agreed, these measures may include the following:

Access control, disk control, storage control, user control, access control, transmission control, input control, transport control, recoverability, reliability, data integrity, job control, availability control and separability.

How long does Fujitsu store your data?

Fujitsu processes and stores your personal data as necessary for the duration of our business relationship, which includes, for example, the initiation and execution of a contract as well as the regular statute of limitations of 3 years for defending against or asserting legal claims.

In addition, Fujitsu is subject to various archiving and documentation obligations, including those arising from the German Commercial Code (HGB) or the German Tax Code (AO). The periods mentioned there for archiving amount to 6 to 10 years. During this time the processing of the data is limited. The storage obligation begins at the end of the calendar year in which a offer was made or a contract fulfilled.

Thus, for example, accounting documents relevant under commercial or tax law are kept for 10 years and contract and tax-relevant documents for at least 6 years.

In legal matters, the associated data is stored for at least 6 years, in the case of enforcement titles, the storage period can be up to 30 years due to the statute of limitations.

If you have given your consent to Fujitsu for a processing operation, the data associated with the granting of consent will be stored for the duration of the processing operation and after completion of the same for a further 4 years.

Photo and video surveillance data are stored until the purposes for which they are processed, in particular the clarification of a possible incident (e.g. investigation in case of suspicion of a criminal offence), have been achieved.

Your rights:

You have dedicated rights with respect to your personal data under the data protection laws in force in the country in which you are domiciled. As a data subject, you have the right to information according to Art. 15 GDPR, the right to correction according to Art. 16 GDPR, the right to deletion according to Art. 17 GDPR, the right to limitation of processing according to Art. 18 GDPR and the right to data transfer according to Art. 20 GDPR. The restrictions in §§ 34, 35 Federal Data Protection Act (BDSG) apply to the right to information and the right to cancellation.

In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG). You have the right to lodge a complaint with a supervisory authority of the member state of your habitual residence, your place of work or the place of the alleged infringement if you are of the opinion that the collection and processing of your personal data violates the data protection laws.

If we use your personal data, in particular the e-mail address for marketing activities/commercial communication, you can object to this use at any time, e.g. by using the contact data listed below.

For further descriptions and explanations on data protection and how you can assert your rights against Fujitsu, please refer to our data protection policy which we have published on the Internet.

Fujitsu's data protection organization will be happy to answer any questions you may have.

Please contact us for further information:

Fujitsu Technology Solutions GmbH
Mies-van-der-Rohe-Straße 8
D-80807 München

Further information and explanations to your rights you can find on the following website „Rechte für Bürger“ der Europäischen Kommission“ as well as at:

Bayerisches Landesamt für Datenschutzaufsicht
Promenade 27 (Schloss)
91522 Ansbach
Telefon: 0981/53-1300
Telefax: 0981/53-5300

E-Mail: - Homepage:

You can find a survey of all national and international data protection authorities under the following link: hier.

Munich; May 2019