Siemens Gamesa Renewable Energy (“Siemens Gamesa”) – with registered office at Parque Tecnológico de Bizkaia, Edificio 222, 48170, Zamudio, Vizcaya (Spain) – as Data Controller, takes data protection seriously. As part of this effort, we ensure that our websites are in compliance with the applicable laws on data privacy and security.
Siemens Gamesa may ask for your consent before using your personal data (Article 6 (1) (a) General Data Protection Regulation - GDPR):
- To fulfil a specific request, such as responding to inquiries and complaints handling (for which you gave us the data). Siemens Gamesa will process the data based on the consent of the interested party given when filling out the form provided for this purpose.
- To handle the requests of candidates who want to work at Siemens Gamesa through the "Jobs at Siemens Gamesa" section. Siemens Gamesa will process the data based on the consent of the interested party given when filling out the form provided for this purpose.
To exercise legitimate interests pursued by Siemens Gamesa (Article 6 (1) (f) GDPR) Siemens Gamesa will process your personal data:
- To defend against fraud (and this may include the verification of identity), or to verify the legitimacy of a legal claim.
- To maintain and protect the security of our products, services and websites, preventing and detecting security threats, fraud or other criminal or malicious activities. To improve customer service and to assist in identifying ways in which we can provide you with a better service, or enhance your experience of our website and other services.
To comply with Siemens Gamesa’s legal obligations (Article 6 (1) (c) GDPR) Siemens Gamesa will process your personal data:
- To comply with legal and regulatory obligations and enforce our legal rights. For compliance purposes and Business Partner auditing, record keeping, compliance screening obligations (to prevent money laundering and other white-collar crimes).
For the aforementioned purposes, personal data processed by Siemens Gamesa may include:
- Contact information – full name, work address, work telephone and fax number, work email address;
- Payment data – e.g., credit/debit cards, bank details, security code numbers, and other information required for billing and fraud prevention;
- Further information necessarily processed in a project or contractual relationship with Siemens Gamesa or voluntarily provided by the Business Partner Contact, such as orders placed, payments made, requests, and project milestones;
- Publicly available information– e.g., information available from integrity data bases and credit agencies; and
- If legally required for Business Partner compliance screening – information about relevant and significant litigation or other legal proceedings against Business Partners.
As part of our effort to protect your data, we will only share your personal data with our subsidiaries when necessary and after your consent is given, or when we are legally entitled to do so. We only share your personal data with Siemens Gamesa subsidiaries in third countries that have adopted and implemented our Binding Corporate Rules (BCR) for the protection of personal data.
For the operation of our websites, we work with service providers such as hosting services or IT maintenance service providers. In such cases, there are safeguards put in place to make certain that your personal data is protected according to the regulations of the European Union. For recipients located in countries outside the European Economic Area (“third countries”), there is a possibility that the applicable laws on data protection do not offer the same level of protection as in the European Economic Area (EEA). Where this is true, Siemens Gamesa takes the necessary steps to ensure that an appropriate level of protection of personal data exists, such as European Model Clauses.
Data is shared only in connection with and in compliance with applicable laws and regulations. We do not sell or otherwise market your personal data to third parties.
We only retain the personal data that you provided to us to fulfill the purposes for which it was initially collected, or unless otherwise required by law.
In this sense, once this purpose disappears or in the case in which the user withdraws his/her consent, Siemens Gamesa may keep the user's personal data, duly blocked, during the period of prescription of the actions that may arise from the relationship with the interested party or for the attention of public authorities, in accordance with the applicable regulations in each case, as well as for the exercise and defense of claims before the Data Protection Agencies.
As a current, past or future customer, supplier, vendor, partner (herein after referred to as “Third Party”) of Siemens Gamesa Renewable Energy (SGRE), there are some practices in relation to the personal data of contact persons that affects you as a Third Party. Therefore, SGRE prepared this Privacy Notice to describe what the company does with the personal data it collects, and how it protects it from breaches. This document also summarizes the rights of the Third Party regarding this data.