Data protection notice for customers and interested parties
The protection of your rights in the processing of personal data is an important concern for the companies of the MAN Energy Solutions Group. With the following information we would like to give you an overview of the processing of your personal data by us and your data protection rights.
Which data is processed in detail and how it is used depends largely on your individual interests and the contractual services agreed upon. Therefore, not all parts of this information will apply to you.
Who is responsible for data processing and who can I contact?
For the purposes of the General Data Protection Regulation the following acts as the controller of your data:
MAN Energy Solutions SE
represented by the Executive Board
86153 Augsburg, Germany
Phone: +49 821 322-0
Fax: +49 821 322-4240
If another MAN Energy Solutions Group company alone or jointly with others decides on the purposes and means of processing personal data, this company shall (also) be responsible.
If you have any questions about this notice or about how to exercise your rights, you can contact our data protection officer:
Data Protection Officer
MAN Energy Solutions SE
86153 Augsburg, Germany
What data do we process?
We process personal data, which we receive from you as a customer or prospective customer or from your employer or client within the scope of our business relationship. In addition, we process - to the extent necessary for the provision of our services - personal data which we permissibly obtain from publicly accessible sources (e.g. commercial register, press, Internet) or which is transmitted to us by other companies of the MAN Group or by other third parties (e.g. a credit reference agency).
Relevant personal data may include:
- Identification data (e.g. contact, contracting party and work organization data, pictures, signature),
- Legitimation and authentication data, where required by law or regulation (e.g. to combat money laundering, terrorist financing),
- Data on the use of IT systems (e.g. IP addresses, log files, log data, access / account data for web services and apps),
- Usage data with guarantee, warranty, product liability and data for safe plant operation as well as position data (if person-related)
In the concrete business, the MAN PrimeServ Academy may also process the following personal data:
- Professional contact and (work) organizational data (e.g. last name, first name, gender, address, e-mail address, organization / company, role, individual group, cost center, responsibility, department / area, personnel number / participant ID; in the future possibly: e.g. title, task description, functions, activity, entry date, job title, professional career, qualification in order to be able to offer specific further training for certain positions, passport data)
- Test results (course status, completion status, success status, test in hard copy)
additionally we may also collect data from the following sources:
- Active Directory Federation Services (ADFS); required for authentication of internal users
- Sanction lists
- Microsoft Forefront Identity Manager (FIM); the interface to FIM is required to synchronize data from SEM with our internal user database and to enable single sign-on (i.e. automatic login in the MAN ES network).
and other data comparable with those categories. As a rule, your personal data will be collected directly from you within the framework of the existing or incipient contractual relationship.
For what purposes and on what legal basis will your data be processed?
We process personal data in accordance with the provisions of the European Data Protection Regulation (GDPR) and the legal provisions of the country in which the office responsible for data processing is located,
1. to fulfil pre-contractual and contractual obligations and to initiate contracts (Art. 6 (1)(b) of the GDPR):
- Offer preparation (e.g. product offers, service offers, financing offers or rental offers),
- Order processing (e.g. completion of order forms, payment transactions, payment options, delivery and delivery conditions, compliance with legal obligations, invoicing, bookkeeping and auditing, internal cost and performance accounting, controlling as well as the implementation of receivables management / dunning),
- Delivery of the product (e.g. plant handover and commissioning)
- Training of the product (invitation process and realization of the training, training purposes and learning management).
2. Pursuant to the legitimate interests of the company (Art. 6 (1)(f) of the GDPR). If necessary, we process your data beyond the actual fulfilment of the contract to protect the legitimate interests of us or third parties (e.g. customer care and improvement of the customer relationship and the products, contract-related advertising, prevention of fraud and payment defaults):
- Market analysis and identification of new customers (e.g. preparation of market analyses, trade fair presence, Internet presence, customer events, competitions and other promotional activities),
- Reporting (e.g. for data quality, control and planning purposes), reporting and planning of sales figures,
- Optimization of production processes and system quality by collection of system data (e.g. Plausibility check and determination of key figures for consumption and wear reduction, collection of service and maintenance data as well as error codes for error diagnosis and error prevention, evaluation of engine data for compliance with warranty obligations, product liability, analysis of plant data for quality improvement of plant functions, product and service optimization),
- After Sales Marketing via email about similar products or services to the one you have enquired and that we think it may be interesting for you. (e.g. product and service training, provision of applications, EDP programs and apps). We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. You can opt out of these communications at any time.
- We may analyze your personal data to build a profile of your interests and preferences so that we can contact you with information relevant to you and also to improve our services and customer experience. Profiling is based on the information you have provided to us, including through our websites or information about our products and services that you have enquired about. You have the right object to profiling.
- Planning and execution of service orders (e.g. through online appointments).
3. On the basis of your consent (Art. 6 (1)(a) of the GDPR):
- Marketing communication (e.g. dispatch of magazines, newsletters, product brochures, provision of apps). You can withdraw you consent at anytime.
4. For the fulfilment of legal obligations (Art. 6 (1)(c) of the GDPR):
- compliance with storage obligations, ensuring compliance requirements through audit actions (e.g. sanctions list audit, money laundering),
- operation of an internal control system (ICS) and other monitoring systems to ensure the correctness of business processes.
Further details on the data processing purposes can be found in the individual contract documents and terms and conditions.
Mandatory disclosures pursuant to Art. 13 (2)(e) GDPR
You must provide the controller with the personal data required for the execution of the contractual relationship. Without this provision, MAN Energy Solutions shall not be able to fulfill its statutory obligations and enter into the contractual relationship.
To which recipients do we pass on your data within the scope of this processing activity?
In certain cases, your personal data may also be passed on to other parties:
- If the disclosure of your personal data is necessary for the execution or initiation of the contractual relationship, such as in the financing of the contractual object, in joint order processing with project-related partners (such as component manufacturers) or for training purposes.
- We also pass on your personal data to service providers commissioned by us within the scope of order processing (e.g. organization of trade fair events, conducting customer satisfaction surveys, sending e-mail newsletters, hosting and operating CRM systems).
- In some cases within the MAN Primeserv Academy, the personal data of the participants such as test results are being provided to the client of the training.
- Your master data and contact details are passed on in a central database (this database can also be accessed by other Volkswagen Group companies) to ensure a uniform and up-to-date database and for credit checks.
- If you have given your consent, we may also pass on your master and contact data as well as the offer and order data to the relevant PrimeServ service units for customer support purposes, such as the preparation of plant-specific service offers or regional on-site support, and to the corresponding companies of the Volkswagen Group for the preparation of financing offers.
- When we are required to disclose your personal data to comply with national laws, e.g. transfer to tax authorities, courts, auditors.
How do we transfer data outside the EEA?
Data protection agreements have been concluded with all data-receiving companies of the MAN and Volkswagen Group in order to ensure a high level of data protection.
If we transfer personal data to affiliated companies or service providers outside the European Economic Area (EEA), the transfer will only take place if the third country has been confirmed by the EU Commission to have an adequate level of data protection or if other appropriate and sufficient data protection guarantees (e.g. EU standard contract clauses) are in place.
For how long do we store your data?
In principle, we delete your personal data as soon as it is no longer required for the above-mentioned purposes. Your personal data will be stored as long as we are legally obliged to do so, or as long as statutory limitation periods apply. In addition, storage shall take place if further legal or contractual storage obligations exist, e.g. in connection with product liability.
Under certain circumstances you have the following rights:
Automated decision making
There is no automated decision-making pursuant to Art. 22 (1, 4) GDPR.
Security and confidentiality
MAN Energy Solutions protects your data with technical and organizational security measures to prevent accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security measures, such as data encryption, are regularly improved in line with technological developments. Furthermore, MAN Energy Solutions employees are obliged to maintain confidentiality with regard to the handling of personal data.
MAN Energy Solutions may adapt this declaration concerning data protection at any time while adhering to the provisions of the data protection legislation.
Last updated on May 2020.