Siemens prioritizes privacy and has a robust Data Privacy Management System to safeguard personal data. It’s regularly reviewed and aligned with guidance from EU authorities. This page outlines the system and provides links for further information.
A holistic approach to data protection only works if data protection requirements are consistently observed and implemented not only within the Group but also by our external suppliers and partners. For this reason, our suppliers and partners are subjected to a preliminary data protection audit and contractually committed to data protection standards. In addition, our suppliers need to follow our data protection requirements in our Code of Conduct for Suppliers.
Binding Corporate Rules allow multinational companies to make EU data protection law the standard for intra-group transfers of personal data across borders. In 2014, Siemens was one of the first companies to introduce Binding Corporate Rules to ensure this high level of data protection for intra-group exchange of personal data across international borders. They form an essential part of the international business activities.
Please visit Third Party Rights of our Binding Corporate Rules for more information.
All Siemens employees are bound to comply with the Siemens Business Conduct Guidelines, which are a binding code of conduct. The Binding Code of Conduct states: “All of us who handle the personal data of employees, customers, or third parties bear a high level of responsibility.” This naturally includes a commitment by employees to observe confidentiality when processing personal data.
Please visit Business Conduct Guidelines for more information.
A fast response is essential in the event of a data protection violation. This is the only way to ensure that these violations are terminated swiftly and that all involved parties, both in-house and external (such as the data subjects and the regulatory authorities), are informed immediately. To facilitate this, Siemens has established a global Data Privacy Incident Process that uses central reporting channels and includes the relevant stakeholders.
Siemens has created a Data Privacy Organization to ensure the development of tools, processes, and policies that safeguard the protection of personal data. The Data Privacy Organization covers all of Siemens, from business product development to administrative activities. Siemens has established a Corporate Data Privacy Organization with dedicated officers for regions and businesses.
Comprehensive security mechanisms and a security-oriented mindset throughout the entire organization are essential to avert and control data security risks. Visit the Siemens Cybersecurity website for further information.
To enable the business activities of a group of companies operating worldwide, like Siemens, international data transfers are safeguarded by different instruments such as EU Standard Contractual Clauses and Binding Corporate Rules, including our Siemens Binding Corporate Rules on Data Protection.
To learn more about Siemens’ approach to international data transfers related to our customer solutions, click here.
To ensure the trust of customers, business partners and employees, Siemens has developed comprehensive data privacy policies for all relevant instances, tools, and guidelines to go beyond what is required by law, including the GDPR.
View Privacy Policy
View Cookie Notice
When outsourcing data processing activities, the parties involved (i.e. controller and processor) must enter into a data processing agreement. Siemens Data Processing Agreements are utilized both when Siemens is acting as a customer (controller) and when acting as a provider (processor).
Where Siemens acts as a processor for its customer, our Siemens Data Privacy Terms apply.
Siemens wants to ensure that its products and solutions can be used in compliance with all relevant data protection rules. So, for Siemens, privacy by design means that compliance with the law, transparency, informational self-determination, data minimization, and data security are already applied when functions and services are developed, and that they’re incorporated into the design.
This approach means that privacy by design is securely integrated into our product development processes. Siemens understands that using its products and services may lead customers to entrust Siemens with processing one of their most precious assets: their data.
If Siemens processes personal data for a customer, it does so under contractual terms that govern how the data is handled, including transfers to third parties.
Siemens continuously maintains a comprehensive register of data processing activities, such as local and global applications, which collect, store, process and use personal data. The content is especially tailored to meet the record and accountability requirements of the General Data Protection Regulation, and we are prepared to make these records available to the corresponding supervisory authority on request.
Requests or complaints from data subjects can be channeled through the Siemens Data Privacy Organization by contacting dataprotection@siemens.com. In addition, you can find further details on how Data Subject rights are handled in our Data Privacy Terms – Section 10.1.
As described in our Sustainability Report, the applicable data protection law focuses on the protection of the persons whose data are processed and grants them comprehensive data protection rights (e.g., the right to information on the personal data processed). To enable Data Subjects to easily assert these rights, Siemens has introduced a centralized hub through which Data Subjects' rights are asserted and answered. For more information, visit the Siemens Data Privacy Notice.
The Siemens Digital Industries Software Subprocessor List identifies subprocessors authorized to subprocess personal data on behalf of our customers.
As outlined in our Data Privacy Terms – Section 6, customers can fill out this form to be notified of any changes to the list on this website. If a change occurs, customers will receive an email at the email address provided.
The sustainable implementation of data protection requirements is not just an IT and procedural issue, but must also involve our employees from all departments. For this reason, internal regulations, such as our Business Conduct Guidelines, require every employee to comply with our data protection requirements.
Siemens employees receive both overview and detailed training, such as web-based training, in the handling of personal data. In addition, employees have access to multiple online resources such as GDPR guidelines and tools to assist with their data protection requirements. Moreover, specific awareness campaigns are provided on the intranet page and are always accessible to our employees, depending on their role.
The standard technical and organizational measures (TOMs) implemented by Siemens and its Subprocessors to protect Siemens’ and Subprocessors’ IT systems and applications are described in Annex II of the Siemens Data Privacy Terms. Some Offerings may be protected by different or additional TOMs, as set forth in the respective Agreement.