General information on the collection and processing of personal data and your rights as a data subject
Date: May 2018
We, i.e. TTS Tooltechnic Systems AG & Co. KG and its affiliated companies (see http://subsidiaries.festool.com) (hereinafter referred to as "Festool"), collect and process personal data and company data to fulfil a number of purposes.
What categories of data do we use and where do these come from?
The categories of personal data processed primarily include your contact details (company name, address, first name and surname of a contact partner, (mobile) phone number, email address of the responsible contact partner) and, depending on the purpose of the processing, your bank details and potentially VAT identification number as well.
Your personal data is generally collected from you directly. We may also obtain your data from third parties (e.g. retailers) in individual basis, for example in the event that you are registered for our SERVICE all-inclusive®. We will inform you without delay if this is the case.
What purposes are data processed for, on what legal basis and who is responsible for the processing?
We process your data taking into consideration the provisions of the EU General Data Protection Regulation (GDPR), any local data protection laws that apply and all other relevant legislation.
a) Conducting contractual relationships
Festool concludes a range of contracts (e.g. contracts with suppliers, systems partners and service providers, processing repairs, etc.) in order to serve their commercial purposes. The collection and processing of data is used for the establishment, fulfilment and termination of the contractual relationship. The primary legal basis for this is Article 6(1b) GDPR. Where necessary, we also process your data on the basis of Article 6(1f) GDPR, in order to protect our legitimate interests or those of third parties (such as the authorities). This applies in particular to the investigation of criminal offences, or within the group for the purposes of group management, internal communication and other administrative purposes. In addition, the processing of personal data can be based on your consent.
The controller is your respective Festool contractual partner. You can find the relevant contact details at https://www.festool.com/contact.
b) Implementation of SERVICE all-inclusive
We collect personal data and company data for the purposes of registration and in order to fulfil this service commitment. We obtain this data from you directly but also from third parties (i.e. retailers) in individual cases. You will be informed if the latter is the case. The primary legal bases for this are Article 6(1a) and Article 6(1b) GDPR.
The controller in this context is:
Festool GmbH, Wertstraße 20, 73240 Wendlingen, Germany, phone: +49 (0)7024 804-0 or the Festool company that provides this service commitment in your country. You can find the relevant contact details at https://www.festool.com/contact.
c) Provision of our various online services
The controller in this context is:
73240 Wendlingen, Germany
Phone: +49 (0) 7024 8040
Festool has an external data protection officer, who you can contact via firstname.lastname@example.org.
d) Holding competitions
Festool regularly holds competitions. We collect personal data (first name, surname, address and email address) in order to implement these activities. Article 6(1a) and Article 6(1b) GDPR provide the legal basis for this.
Who receives your data?
Within our company, only those individuals and offices (e.g. specialist departments) who require your personal data for the fulfilment of our contractual and legal obligations actually receive said data. Your data is transferred to certain companies within our corporate group when these companies centrally administer data processing tasks for their affiliated companies within the group.
In addition, we sometimes employ different service providers in order to fulfil our contractual and legal obligations (such as sending products or mailings). You can obtain a list of the contractors and service providers we use ‒ including those with whom we have short-term and long-term business relationships ‒ on request from the respective controller.
We may also transfer your personal data to additional recipients outside the company where this is necessary to fulfil our contractual and legal obligations as an employer. Examples include:
- Public authorities (e.g. financial authorities, courts)
- Banks (SEPA payment transfer media)
- Insolvency administrators in the event of private bankruptcy.
Are you obliged to provide your data?
We wish to inform you that, as part of the respective contractual relationship and in order to use SERVICE all-inclusive, you must provide the personal data and company data necessary for establishing, fulfilling and terminating the contractual relationship or service commitment and the performance thereof, or that we are required to collect by law. If you exercise your right to object in this regard or do not provide us with this data, we will not be in a position to fulfil the contract with you or fulfil our service commitments under SERVICE all-inclusive.
How long are your data stored for?
We erase your personal data as soon as it is no longer required for the aforementioned purposes or you have exercised your right to object. Your personal data is stored after the termination of the contractual relationship as long as we are legally obliged to so. This is frequently the case as a result of statutory obligations to provide evidence and statutory retention obligations, which are governed by the German Commercial Code and the German Fiscal Code, among others. Retention periods are up to ten years under this legislation. Personal data may also be stored for the period for which claims can be brought against us (legal limitation periods can fall between three and thirty years).
What privacy rights can you exercise as a data subject?
You can obtain information on the data stored about you personally from the respective controller. Furthermore, you can have your data rectified or erased if certain criteria are met. You may also have the right to restrict the processing of your personal data, as well as the right to obtain the data you have provided in a structured, commonly used and machine-readable format.
Right to object
You have the right to object to the processing of your personal data for direct marketing purposes, without giving any reason.
Where we process your data for the purpose of safeguarding legitimate interests, you can object to the processing on grounds relating to your particular situation. We will then stop processing your personal data, unless we can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms, or where the processing is used for the establishment, exercise or defence of legal claims.
Where can you complain?
You can lodge a complaint with the aforementioned Data Protection Officer or the competent supervisory data protection authority.