Privacy Policy
Status: July 2020
Data controller

Siemens Gamesa Renewable Energy (“Siemens Gamesa”) – with registered office at Parque Tecnológico de Bizkaia, Edificio 222, 48170, Zamudio, Vizcaya (Spain) – as Data Controller, takes data protection seriously. As part of this effort, we ensure that our websites are in compliance with the applicable laws on data privacy and security.

This Privacy Policy serves to inform on the types of personal data we collect on our websites, in addition to the reason for which these are collected. It also provides information on who your data is shared with and why, in cases where applicable. This Privacy Policy is updated from time to time. The last update can be found at the top of this page.

Further information about cookies can be found in our Cookie Policy; the policy gives direction on how to take control over this subject. Access to our website is logged for the purpose of security analysis reports and to defend against cyber-attacks. When only visiting and browsing the website no personal data – other than the IP address – is collected. IP addresses are analyzed only in the event of a cyber-attack. Log data is promptly deleted on a regular basis.


Siemens Gamesa may ask for your consent before using your personal data (Article 6 (1) (a) General Data Protection Regulation - GDPR):

  • To fulfil a specific request, such as responding to inquiries and complaints handling (for which you gave us the data). Siemens Gamesa will process the data based on the consent of the interested party given when filling out the form provided for this purpose.
  • To handle the requests of candidates who want to work at Siemens Gamesa through the "Jobs at Siemens Gamesa" section. Siemens Gamesa will process the data based on the consent of the interested party given when filling out the form provided for this purpose.

To exercise legitimate interests pursued by Siemens Gamesa (Article 6 (1) (f) GDPR) Siemens Gamesa will process your personal data:

  • To defend against fraud (and this may include the verification of identity), or to verify the legitimacy of a legal claim.
  • To maintain and protect the security of our products, services and websites, preventing and detecting security threats, fraud or other criminal or malicious activities. To improve customer service and to assist in identifying ways in which we can provide you with a better service, or enhance your experience of our website and other services.

To comply with Siemens Gamesa’s legal obligations (Article 6 (1) (c) GDPR) Siemens Gamesa will process your personal data:

  • To comply with legal and regulatory obligations and enforce our legal rights. For compliance purposes and Business Partner auditing, record keeping, compliance screening obligations (to prevent money laundering and other white-collar crimes).
As part of our offerings, Siemens Gamesa may provide links to other third party websites or applications that may be of interest to you. This privacy policy does not cover third parties; as such Siemens Gamesa is not responsible for the privacy practices of these websites or applications.

For the aforementioned purposes, personal data processed by Siemens Gamesa may include:

  • Contact information – full name, work address, work telephone and fax number, work email address;
  • Payment data – e.g., credit/debit cards, bank details, security code numbers, and other information required for billing and fraud prevention;
  • Further information necessarily processed in a project or contractual relationship with Siemens Gamesa or voluntarily provided by the Business Partner Contact, such as orders placed, payments made, requests, and project milestones;
  • Publicly available information– e.g., information available from integrity data bases and credit agencies; and
  • If legally required for Business Partner compliance screening – information about relevant and significant litigation or other legal proceedings against Business Partners.

As part of our effort to protect your data, we will only share your personal data with our subsidiaries when necessary and after your consent is given, or when we are legally entitled to do so. We only share your personal data with Siemens Gamesa subsidiaries in third countries that have adopted and implemented our Binding Corporate Rules (BCR) for the protection of personal data.

For the operation of our websites, we work with service providers such as hosting services or IT maintenance service providers. In such cases, there are safeguards put in place to make certain that your personal data is protected according to the regulations of the European Union. For recipients located in countries outside the European Economic Area (“third countries”), there is a possibility that the applicable laws on data protection do not offer the same level of protection as in the European Economic Area (EEA). Where this is true, Siemens Gamesa takes the necessary steps to ensure that an appropriate level of protection of personal data exists, such as European Model Clauses.

Data is shared only in connection with and in compliance with applicable laws and regulations. We do not sell or otherwise market your personal data to third parties.

In case you wish, you may exercise your rights of access, rectification, erasure (“right to be forgotten”), restriction of processing, portability, object and not to be subject of an automated individual decision-making, including profiling. You may also revoke your consent at any time. In this sense, please Contact Us to send your request. We will respond to all legitimate requests.
Users who feel that their data protection rights have been violated or users who have any complaints regarding their personal information may contact the relevant Siemens Gamesa Data Protection Officer. In any event, data subjects may always lodge a complaint before the competent data protection authority in accordance with the applicable legislation.

We only retain the personal data that you provided to us to fulfill the purposes for which it was initially collected, or unless otherwise required by law.

In this sense, once this purpose disappears or in the case in which the user withdraws his/her consent, Siemens Gamesa may keep the user's personal data, duly blocked, during the period of prescription of the actions that may arise from the relationship with the interested party or for the attention of public authorities, in accordance with the applicable regulations in each case, as well as for the exercise and defense of claims before the Data Protection Agencies.

If you have any matters relating to personal data, you can reach the Siemens Gamesa data protection department at: dataprotection@siemensgamesa.com.
Third Party privacy notice

As a current, past or future customer, supplier, vendor, partner (herein after referred to as “Third Party”) of Siemens Gamesa Renewable Energy (SGRE), there are some practices in relation to the personal data of contact persons that affects you as a Third Party. Therefore, SGRE prepared this Privacy Notice to describe what the company does with the personal data it collects, and how it protects it from breaches. This document also summarizes the rights of the Third Party regarding this data.

For Brazil, Ricardo de Castilho Agostini (ricardo.agostini@siemensgamesa.com) is appointed as the Encarregado / Data Protection Officer.


Share

Further information about data protection can be found in our privacy policy.