1. Nutzungsbedingungen
  2. Guidance Information FG

Notes according to Art. 13 GDPR
On the handling of personal data

The protection of personal data and in particular the implementation of the requirements of the European General Data Protection Regulation (GDPR) is of particular concern to Fujitsu.

With the following data protection information, we inform you about the processing of personal data by us, Fujitsu Germany GmbH (hereinafter referred to as "Fujitsu Germany", “Fujitsu” or “we”) in the context of our general business activities and for the purpose of providing services in the context of partner, customer, prospective customer, or supplier relationships as well as our Internet presences (websites and social media).

This data protection information is supplementary to the Fujitsu Global Privacy Policy, published by Fujitsu Ltd. Japan, applicable to Fujitsu Limited and its subsidiaries, which you can find here:

If you would like an introduction to the topic of data protection and general information on the terms used in the General Data Protection Regulation, you will find a variety of further information on the website of the German Federal Data Protection Commissioner, available under

1. Responsible for the processing of personal data

Responsible:

Fujitsu Germany GmbH
Mies-van-der-Rohe-Straße 8
80807 München
Deutschland
Tel.: +49 (89) 62060-0

Data Protection Officer

Stefan Strobel

Address:
Fujitsu Germany GmbH
Stefan Strobel
Mies-van-der-Rohe-Straße 8
D-80807 München

Contact:

You can also use the following contact form:

2. Purpose of collection, processing or use of personal data: 

Fujitsu Germany uses your personal data only to the extent necessary for certain purposes. As such we may collect, store and use your personal information for the purpose (i) to operate, manage, develop and promote our business (including our products, services and events) and, in particular, our relationship with the organisation you represent (if any) and related transactions, (ii) to protect our business from fraud, money-laundering, breach of confidence, security threats, theft of proprietary materials and other financial or business crimes; (iii) to comply with our legal and regulatory obligations; (iv) to bring and defend legal claims and assert legal rights; and (v) if the purpose is directly connected with an assigned purpose previously made known to you.

In the table below, you will find (i) an exemplary list of the collection and processing activities for which Fujitsu Germany uses your personal data and (ii) an overview of the purposes and the corresponding legal bases. 

Collection and processing activities Purpose and legal basis
Management of our business relationship and communication with you as a partner, customer, interested party, investor or supplier, e.g. to perform our contract with you or your company, for warranty, maintenance and support processes (as described in the " Warranty and support services for products and solutions" section 8 below), or for accounting and billing/payment purposes (including to offer financing solutions to customers together with our finance partners) Justified based on a contract or pre-contractual measures (Art. 6 (1) (b) GDPR).
In case you visit our premises or Fujitsu controlled sites, please note that some of our premises have closed circuit TV (CCTV) systems and other security and access management systems which may record you and certain information about your visit for security and safety purposes Justified by our legitimate interest (Article 6(1)(f) GDPR).
Facilitating communication with you in emergencies, e.g. in respective product compliance processes Justified based on our legitimate interest in ensuring proper communication within the organization and dealing appropriately with emergencies (Article 6(1)(f) GDPR).
Statutory reporting obligations and participation in legal proceedings Justified by the need to comply with legal obligations to which we are subject (Article 6(1)(c) GDPR).
Improving the security and functioning of our website, networks, and information - if necessary, if suspected, by tracking your use of our systems Justified based on our legitimate interest in ensuring the security of our networks and information and avoiding infringements (Article 6(1)(f) GDPR).
Data analysis (i.e. analysis of business transactions and data) to describe, predict and improve economic performance within Fujitsu and/or to provide a better experience for the user; (for more details on how to perform analytics on our website, please refer to our (Cookie Policy: Fujitsu Global). Where Fujitsu offers the use of Google Maps, you are requested to give Fujitsu your consent to the integration of the Google Maps map (including integrated Google Fonts) on the dedicated website. This consent includes all applications on this website that integrate Google Maps (including integrated Google Fonts). Without your consent you cannot use the functionalities of this website related to Google Maps service. Justified based on our legitimate interest in ensuring the proper conduct of our business activities (Article 6(1)(f) GDPR). In case of Google Maps: Justified based on consent as a principle (Art. Article 6(1)(a) GDPR).
Marketing and advertising to you on our products and services (unless you have objected to processing for this purpose, as described in Section 9 "Marketing activities" below), in particular (i) sending you commercial communication which is relevant and of use to you by using your contact data, exp. e-mail addresses, (ii) providing you with services or information that you may have requested, (iii) keeping you informed and updated on relevant products or services you may be interested in, (iv) enabling you to take part in our online assessments and/or surveys, (v) allowing you to obtain a copy of a whitepaper, (vi) to address you with an appropriate greeting, (vii) enabling you to attend a webinar, (viii) allowing to contact you by a Fujitsu representative for a specific reason, and (ix) enabling you to complete an event registration form or post event form to participate in events related to our products or services. Justified based on consent (Art. 6 (1)(a) GDPR), or legitimate interest (Article 6(1)(f) GDPR), where relevant in combination with § 7 para. 3 UWG for existing customers.
Managing and operating events and/or demonstrations of our actual or potential products and services; for audio/video recordings during live/recordings of events (including virtual events/webinars): to inform interested stakeholders about the content of such events/recordings (including the online publication of such recordings for marketing purposes) Based on your consent obtained before the event (Art. 6 (1)(a) GDPR).
When you apply for a job, we process your personal data as set out in the privacy notice of the *Fujitsu Recruiting Portal or of the respective other recruiting platform you may use. Necessary to take steps at the request of the data subject prior to entering into a contract (Art. 6 (1) (b) GDPR).

Insofar as our legitimate interests constitute the legal basis for the processing of personal data for a specific purpose according to the table above, we have carried out a corresponding Legitimate Interest Assessment (LIA) in accordance with Article 6(1)(f) GDPR. If you would like to receive further information on this LIA approach, please contact Fujitsu's Data Protection Officer.

As part of the above-mentioned processing activities, we may pass on personal data to third parties or processors in the following context: 

  • Other members of the Fujitsu group if this is necessary in connection with your employment or contract;
  • Tax advisors and auditors of Fujitsu;
  • External legal advisors;
  • Insurance and pension service providers;
  • IT service providers who process data as part of their service delivery and, if applicable, use external data centers and, if applicable, independently use AI systems or make them available to Fujitsu for use (such as service providers for IT maintenance activities or external IT service providers who process data as part of the provision of M365 services (e.g. MS Teams, MS SharePoint, MS Exchange, MS OneDrive, Viva Engage, MS Copilot or similar));
  • Third parties offering products and services, potentially utilizing their own data centers and, if applicable, independently using AI systems: see Section 7 ("Third-Party Products and Services")
  • Warranty and support-service providers for Fujitsu products and solutions: See section 8 (“Warranty and support-services for products and solutions”)
  • Marketing service providers;
  • Travel service providers;
  • Credit card providers;
  • Print service providers;
  • Scanning service providers;
  • Training providers;
  • Relocation service providers;
  • Other service providers who process employee data on our behalf as part of supporting our business activities;
  • Tax authorities;
  • Third parties to whom Fujitsu is legally or regulatory obligated or where it is necessary to comply with applicable law to disclose data (including the opposing party in litigation); or
  • For the establishment, exercise or defense of legal claims before courts, arbitration tribunals and competent regulatory and law enforcement authorities. 

3. Joint Controller

Fujitsu Germany and Fsas Technologies GmbH (hereinafter referred to as “Fsas Technologies”), both Mies-van-der-Rohe-Straße 8, 80807 Munich are acting as Joint Controllers in the following activities: 

- Fujitsu Group-internal IT systems and IT-tools used for product related and for service business and

- Marketing activities: use of contact data, esp. e-mail addresses for commercial communication (for further details please see section 9 "Marketing activities" below)

4. Description of the groups of persons concerned, the associated data or data categories and sensitive data:

The term "personal data" means personal data within the meaning of the definition of Art. 4 (1) GDPR. This is all information that relates to a natural person and with which this person can be identified directly or indirectly.

Within the scope of the procedures used or applied by Fujitsu Germany, data subjects from the following groups of people are affected:

  • Customers, potential customers / interested parties 
  • Suppliers
  • Commercial agents / partners of Fujitsu Germany
  • Applicants when applying for a job offer

In its procedures, Fujitsu Germany uses the following categories of personal data or data categories:

  • personal reference data (e.g. first name, surname, title, address)
  • Communication data (e.g. phone, e-Mail)
  • Contract-reference data (contractual relationship, interest in products and contract fulfilment)
  • Customer history
  • Contract billing and payment data (e.g. bank details, account number or, if applicable, credit card number)
  • Information from third parties 

Please do not send or share with us any sensitive personal information (e.g. information related to ethnic origin, political opinions, religion or other beliefs, health, sexual orientation, genetics, or biometric data, criminal background or trade union membership or any other personal information that may be considered sensitive), unless, in limited situations where we do request strictly necessary sensitive personal information from you, for example when we are undertaking due diligence and compliance checks on a supplier. We will only process sensitive personal information where we have a lawful basis to do so and in accordance with this data protection information.

5. Data transfer to third parties

Fujitsu works closely with its development, production, sales, marketing and service partners. The support of national and international customers, suppliers and business partners is provided by the sales and service organizations of Fujitsu worldwide, by the parent company Fujitsu Ltd. Japan as well as our subcontractors or suppliers.

Prior to each and any onward transfer, we take the necessary steps to ensure that your personal data is adequately protected in accordance with the relevant data protection laws.

Unless otherwise notified, a transfer of your personal data from the European Economic Area (EEA) to third parties outside the EEA is based on an adequacy decision or is subject to the EU Standard Contractual Clauses. You can get a copy via the above contact addresses. Any other cross-border transfer of your personal data not related to the EEA will be carried out in accordance with the relevant international data transfer mechanisms and security measures under Article 46 GDPR. In this case, it is possible that the transmitted data will be processed by local authorities.

6. General notes on the use of AI systems

We use Artificial Intelligence (AI) systems for our own purposes in certain areas of our company. This is done exclusively in accordance with the legal requirements for the use of AI, in particular the European Union's AI Regulation. The processing of personal data is carried out exclusively within the framework of applicable data protection laws, in particular the GDPR. No data is transferred to public clouds or publicly accessible AI platforms. The AI procedures used serve to optimize processes, analyze content, or provide automated functions. The legal bases for processing your personal data result from the description under section 2 ("Purpose of collection, processing or use of personal data ").

The AI systems used process personal data as described under Section 4 ("Description of the groups of persons concerned, the associated data or data categories and sensitive data ") to fulfill the following purposes:

  • Automated checking, assignment, and answering of inquiries (e.g., by chatbots) 
  • Analysis of usage data to improve our services
  • Support in preparing information content
  • Detection and prevention of misuse or security risks

Personal data will only be used to the extent necessary to fulfill the respective purposes. Automated decisions within the meaning of Art. 22 GDPR are not made in this regard.

7. Products and services of third parties

Where Fujitsu offers products or services of third parties or where Fujitsu provides warranty and support services for third-party products under its own responsibility in accordance with a Fujitsu product or service data sheet , Fujitsu and such third party providers may collect and use personal data and related information, including, but not limited to, technical information about devices, systems, related software, services, or peripherals associated with the third party service use and potential further products provided under a separate agreement with the third party provider. Data collected may be used for purposes of facilitating the provision of updates, license authentication, maintenance, and analytics consistent with the then current privacy policy of the third party provider. Please let us know in case you need support to get access to such privacy policies.

While providing third party offerings, your personal data may be transferred to regions outside the EU/EEA (e.g. for 24/7 service provision by the third party). In such case and unless otherwise notified, a transfer of your personal data from the European Economic Area (EEA) to third parties outside the EEA is based on an adequacy decision or is subject to the EU Standard Contractual Clauses. In case of questions please contact us via the contact address, given above. Any other cross-border transfer of your personal data outside the EEA will be carried out in accordance with the relevant international data transfer mechanisms and security measures under Article 46 GDPR. In this case, it is possible that the transmitted data will be processed by local authorities.

8. Warranty and support services for products and solutions

Fujitsu Germany as data controller uses the contact data, such as contact person, telephone number / mobile phone number / e-mail address for customer service, i.e. in particular to advise and answer your questions and to remedy service incidents. The following partners are involved in warranty and support services:

  • Fujitsu Poland sp. z o.o., Poland 
  • Fujitsu Technology Solutions, Lda, Portugal 
  • Fujitsu Consulting India Private Limited, India 
  • Local, customer-specific service partners and sales partners
  • Fujitsu Ltd. Japan and Fsas Technologies Inc. Japan for Back-Level-Support
  • The respective product manufacturers within the scope of their product responsibility as suppliers
  • Fujitsu Technology Solutions sp. z.o.o., Poland
  • Cupola Teleservices Limited, Dubai, United Arab Emirates
  • Innovaway SPA, Italy
  • Foundever Magyarország Kft., Budapest, Hungary; Foundever Sweden AB, Ed, Sweden and Foundever Finland Oy, Turku, Finland
  • Fsas Technologies SL., Spain
  • Fsas Technologies Ltd., United Kingdom

9. Marketing activities

We use communication data, in particular e-mail addresses, for commercial communication, including via social media, with our existing or potential customers and partners.

a. Responsible for the processing of personal data

Fujitsu Germany and Fsas Technologies have concluded a Joint Controller agreement in accordance with Art. 26 GDPR. According to this agreement, the controllers jointly decide when which marketing activities and related processing of personal data take place. However, each company is solely responsible for the conclusion and execution of any contract with customers and suppliers. The central point of contact for you is Fujitsu Germany.

b. Marketing activities / use of contact data and e-Mail addresses for commercial communication

To the extent direct advertising is based on consent, e.g. in the context of an e-mail newsletter the necessary information is your e-mail address, your name and your company/organization. To register for such marketing communication, we use the so-called double opt-in procedure. This means that after your registration we will send you an e-mail to the specified e-mail address in which we ask you for confirmation. In addition, we store your IP addresses and times of registration and confirmation. The purpose of this procedure is to be able to prove your registration. In addition, we refer to the following explanations on the use and acquisition of information in connection with a social media environment.

To the extent as business cards are handed over to us, we store the contact details of the interlocutors with us and use this data for marketing purposes within the scope of the legally permissible possibilities.

Of course, you can revoke your advertising consent to Fujitsu Germany at any time with effect for the future. You can revoke this by clicking on the link provided in each newsletter e-mail, by e-mail to

or by sending a message to the contact details of the Responsible provided above.

Furthermore, you can assert your rights as a data subject, as described in the section "16. Your rights".

As soon as the purposes described in the declaration of consent cease to apply or you revoke your consent with effect for the future as described above, we will delete your data.

Our Account Engagement (Pardot) emails contain a tracking code that uses JavaScript from Pardot, a Salesforce cloud service, to track the opening of emails, clicks, and other recipient interactions with email content, storing this data within Pardot. This data is used to measure and improve the effectiveness of our email communications and to personalize our marketing efforts.

c. Social Media

If you interact with us through social media services, we may be able to access certain information about such interaction. We make reasonable efforts to ensure that the social media providers have permission from you to allow us to access certain information about you. Please note that we are not responsible the way social media service providers handle your personal information that they may collect from you, as this is their responsibility. For instance, our website may use plugins of social media networks such as X (formerly known as Twitter), Facebook, and LinkedIn or the other social media network’s plugins in particular countries or regions. If you use one of these plugins, these plugins can establish a direct connection between your browser and the sites of the respective social media networks. As this transfer takes place directly between your browser and the respective network, we do not have any access, knowledge or control over any data sent or the use of this data within the respective social media networks. If you make use of a social media network and make content available to such networks, this is not covered by this privacy information. Instead, the terms of use and privacy policies of the respective operators of those social media networks shall apply to any such content. We encourage you to read the privacy policies and terms and conditions of your social media service providers to understand how they handle your personal information.

10. Photography and filming

To the extent photos are taken by us at trade fairs and events, we will point this out in advance and obtain the consent of the persons concerned if we want to photograph individual persons. If we create photos in which you are photographed with several other people, e.g. in a group, in panoramic shots or similar shots, we ask you to contact us if your person is to be made unrecognizable. This data will be stored until the purposes described in the declaration of consent cease to apply or you revoke your consent with effect for the future.

11. Visiting our website or web-based platforms

We may make web-based platforms available to our partners, customers and suppliers and such platforms may collect your personal information if you use such platforms. This privacy information applies to such personal information collected during the registration process and/or during the use of such platforms.

When you are visiting our website or web-based platforms for information, without registering or logging in, we may nonetheless collect data which may include personal data from you, through your browser, such as:

- IP address and corresponding network location
- Exact time (including time zone) of your request
- Metadata and contents of your request
- Details of your browser and operating system

This enables our server maintenance and security team to analyse errors and potential threats in real time. The legal basis for this processing of your data is Article 6(1)(f) GDPR, which allows the processing of data for our legitimate interests, that is technically required to ensure a stable, secure and functioning website. This data is deleted after 90 days. 

12. Information use and information gathering in conjunction with a social media environment

The wikis and blogs operated by Fujitsu or Fujitsu Germany itself are subject to Fujitsu's privacy and security regulations. This applies to

In addition, Fujitsu and/or Fujitsu Germany use social media environments such as Xing, LinkedIn, etc. to gather information.

To process enquiries sent to us via its social network presences, we process the personal data that you have sent to the respective social network. The processing of your data is necessary to process your request (Art. 6 (1) (b) GDPR). Depending on the content of the request, the processing will be limited to processing for the specific purpose of the request (e.g. interest in advertising our services). 

Insofar as you communicate with us and/or employees of us via LinkedIn, it should be noted that LinkedIn is provided by LinkedIn Corporation. In this respect, the terms of use of LinkedIn apply, which every user must agree to and which are available at the following link:

Furthermore, the LinkedIn Privacy Policy available at 

applies, as well as, where relevant for your specific use, the terms of the LinkedIn Data Processing Agreement, which can be found at

13. Salesforce

We use Salesforce Inc's cloud platform to manage our customer and potential customer portfolio. To do so, we must collect and process certain personal data from you. Such personal data can include your contact details (e.g. name, email), account creation details (e.g. username, password, security questions) as well as details about your relationship with us (interest in products and services, previous purchase history). The legal basis for the processing is Article 6 (1)(b) GDPR and Article 6 (1)(f) GDPR under which it is within our legitimate interests to implement an efficient method of managing our customers as well as with consent under Art 6 (1)(a) GDPR.

14. Data Transparency

We are committed to protecting your privacy and ensuring transparency about how your personal and product data is handled. Insofar as our products generate, collect, and store product usage and environmental data, such as performance and usage metrics, event and error logs, user activity logs, and sensor data from systems, the collected data is stored locally on your respective system. This data is available to you at all times, meaning you have full control and access to the collected data at all times without having to contact us.
Please note: by default, your system does not send any data to us. However, you may have the option to configure your system to transfer the collected data to us or third parties, for example, to enable its use for product-related services such as maintenance and support. However, this is solely at your discretion.
It always applies: you are the owner of the collected data stored on your respective system and can dispose of the data at your own responsibility and discretion.
Insofar as software (including operating system) and/or hardware provided to you contains third-party components, it is possible that these may generate, collect, store, and potentially provide additional usage data to the respective software/hardware manufacturer. Please read the documentation of the third-party software/hardware manufacturer and/or contact us.

15. How long do we store your data?

We process and store your personal data within the scope of what is necessary for the duration of our business relationship, which includes, for example, the initiation and processing of a contract as well as the regular limitation period of 3 years to defend against or assert legal claims.

In addition, we are subject to various storage and documentation obligations arising from, among other things, the German Commercial Code (HGB) or the Tax Code (AO). The retention periods mentioned there are 6 to 10 years. During this time, the processing of the data is restricted. For example, accounting documents relevant to commercial or tax law are stored for 10 years and contract- and tax-relevant documents for at least 6 years.

In legal matters, the associated data is stored for at least 6 years, in the case of enforcement titles, the storage period can be up to 30 years due to the statute of limitations.

Please note: to protect your personal data against accidental or unlawful destruction, loss, use, or alteration and against unauthorized disclosure or access, we use adequate physical, technical and organizational security measures.

The security, integrity and confidentiality of your personal information is extremely important to us. We have implemented technical, administrative, and physical security measures that are designed to protect your personal information from unauthorized access, disclosure, use and modification. We regularly review our security procedures to consider appropriate new technology and methods to protect information we hold.

We will delete your personal information when we no longer need such personal information, for instance where:

- it is no longer necessary for us to retain your personal information to fulfil the purposes for which we had collected it;
- we believe that your personal information that we hold is inaccurate; or
- in certain cases where you have informed us that you no longer consent to our processing of your personal information.

Sometimes, however:

- there are legal or regulatory requirements which may require us to retain your personal information for a specified period, and in such cases, we will retain your personal information for such specified period; and
- we may need to retain your personal information for certain longer periods for product liability purposes or in relation to legal disputes, and in such cases, we will retain it for such longer periods to the extent required.

Note that we may retain some limited information about you even when we know that you have left the organization that you represent, so that we can maintain a continuous relationship with you if and when we are in contact with you again, representing a different organization.

16. Your rights

As a data subject, you have the right to information pursuant to Article 15 GDPR, the right to rectification pursuant to Article 16 GDPR, the right to erasure pursuant to Article 17 GDPR, the right to restriction of processing pursuant to Article 18 GDPR and the right to data portability pursuant to Article 20 GDPR. The restrictions of §§ 34, 35 BDSG apply to the right to information and the right to erasure.

In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG). You have the right to lodge a complaint with a supervisory authority of the member state of your habitual residence, place of work or place of the alleged infringement if you believe that the collection and processing of your personal data violates data protection laws.

If we use your personal data, in particular the e-mail address for marketing activities / commercial communication, you can object to this use at any time, e.g. via the contact details mentioned above.

For further descriptions and explanations on data protection and how you can assert your rights against us, please refer to our Privacy Policy, which we have published on the Internet.

The Fujitsu Germany data protection officer will be happy to answer any questions you may have. To do so, please contact us using the contact details given above.

Further information and explanations on the rights mentioned can be found on the website

as well as at

Bayerisches Landesamt für Datenschutzaufsicht
Promenade 27 (Schloss)
91522 Ansbach
Telefon: 0981/53-1300
Telefax: 0981/53-5300

An overview of the national and international data protection authorities can be found 

Munich; April 1st 2026

page top