Our handling with your data and your rights - Information according to Art. 13, 14 and 21 of the EU-General Data Protection Regulation (GDPR) 

With the following information, we would like to give you an overview of how your personal data is processed by us and your rights according to data protection law. Which specific data are processed and how they are used depends largely on the requested or agreed-upon services. Therefore, not all sections of this information will apply to you.

Furthermore, this data protection information may be updated periodically. You can find the latest version at any time here:
www.freudenberg-pm.com/datahandling

Who is responsible for data processing and who can I contact?

The responsible party is your contractual partner, belonging to Freudenberg Performance Mate-rials Holding SE & Co. KG. If you have any questions, please get in touch with your contact per-son.

We have appointed an external data protection officer for the German companies. You can reach him at: data-protection@freudenberg-pm.com

Type of personal data collected

Responsible part for the processing

The controller within the meaning of the GDPR is the company with which you have a contract or which you have contacted. Information on this can be found in the contract concluded with your company.

Joint Controllership

The companies use the same database solution for their activities and access a shared database where necessary. The companies are each independently responsible for the lawful processing activity of personal data and the granting of data subject rights, including the provision of mandatory information. Where necessary, the companies support each other in this. The joint responsibility is defined by an agreement between the companies. 

We have appointed an external data protection officer for the German companies:

c/o activeMind.legal Rechtsanwaltsgesellschaft m.b.H.  
Potsdamer Straße 3  
80802 Munich  
E-mail: data-protection@freudenberg-pm.com or freudenbergpm@activemind.legal   
Phone: +49 89 91 92 94 - 900 

Type of personal data collected

We process the following personal data that we receive from you as part of our business relationship:

  • Company name with legal form and address 
  • Title and name 
  • Telephone numbers 
  • Fax numbers 
  • E-mail addresses 
  • Field of activity or position 
  • Information about your enquiry (incl. usage data) 
  • Other data that you voluntarily provide to us in the course of communication

The following personal data may be processed in the context of customer surveys when using Microsoft Customer Voice:

  • IP address 
  • User name, display name, e-mail address 
  • Profile picture (optional, if stored in Microsoft 365) 
  • Preferred language 
  • Status (optional, if stored in Microsoft 365) 
  • Date and time the questionnaire was opened 
  • Date and time of sending the response(s) 
  • Survey-specific information

The scope of the data processed depends on the information you provide when participating in a vote or survey in Microsoft Customer Voice, especially if questions are formulated "openly". 

We endeavor to conduct the surveys anonymously or in a privacy-friendly manner. If you take part in an anonymous survey, your answer will not contain any personal data.

We process your data for the following purposes and on the following legal basis

For the fulfilment of contractual obligations (Art. 6 para. 1 letter b GDPR)

  • our contract or for the implementation of pre-contractual measures 
  • of ancillary contractual services (e.g. warranty notifications or collection by the manufacturer) 

Due to statutory requirements (Art. 6 para. 1 letter c GDPR)

We are subject to various legal obligations that result in data processing. These include, for example, 

  • Tax laws and statutory accounting 
  • responding to inquiries and meeting the requirements of supervisory or law enforcement authorities 
  • compliance with tax audits and reporting obligations

In addition, the disclosure of personal data within the context of administrative/judicial measures may be required for purposes of gathering evidence, prosecuting or enforcing civil claims.

Within the scope of weighing interests (Art. 6 para. 1 letter f GDPR)

  • If required, we process your data beyond actual contractual compliance for the protection of our legitimate interests or those of third parties. Examples of such cases are: 
  • If you contact us by e-mail or telephone, the data you enter will be stored for the purpose of individual communication with you. 
  • Enforcement of legal claims and defence in legal disputes. 
  • Saving additional contacts in the CRM system for communication. 
  • As a business contact, we reserve the right to send you regular information about our products as well as invitations to events by email, unless you have objected to the processing of your email address. 
  • Data processing in the context of events. 
  • Customer surveys, if personal data is not required for the establishment, performance or termination of the contractual relationship. We occasionally conduct surveys using statistical analyses and evaluations. This enables us to gain insights into our market position and the wishes of our customers and to find out how we can further improve our services and products. Our legitimate interests therefore lie in ensuring customer satisfaction and product improvement. We use the Microsoft Customer Voice tool from Microsoft Corp. for this purpose.

On the basis of your consent (Art. 6 para. 1 a GDPR) 

If you have given us your consent to process your personal data, processing activities will only take place in accordance with the purposes and to the extent agreed in the declaration of consent. Any consent given can be revoked at any time with effect for the future. This also applies to the revocation of declarations of consent given to us before the GDPR came into force, i.e. before 25 May 2018. The revocation of consent only takes effect for the future and does not affect the legality of the data processed up to the time of revocation. Examples of such cases are 

  • Sending newsletters to interested parties 
  • Creation and use of image and video recordings with sound as part of events 
  • Customer surveys, insofar as consent is given by participating in a survey

Who receives my data?

Within our company

  • In our company employees receive your data in order to contact you and for contractual collaboration (including the implementation of pre-contractual measures) 
  • Within the Freudenberg Group as international organization 

In the context of data processors

Your data will only be forwarded to service providers (processors) when necessary to per-form our contractual duties 

  • Support or maintenance of EDP or IT applications 
  • Accounting 
  • Data destruction 
  • CRM system provider 
  • ERP system provider 
  • Video conferencing system Microsoft Teams  
  • Marketing and Mailing service provider  
  • Service provider in the context of technical support for the organisation and implementation of events and customer surveys e.g. Microsoft Customer Voice 

All service providers are obliged to handle your data confidentially pursuant to a commissi-oned processing contract.

Third parties

Data is only passed on to recipients outside our company in compliance with the applicable data protection regulations. Recipients of personal data can be, for example: 

  • Public bodies and institutions (e.g., tax authorities, law enforcement authorities) when presented with a statutory or regulatory obligation 
  • Credit and financial services institutions (processing payment transactions) 
  • Tax consultants, certified public accountants, and income/corporate tax auditors (statutory audit mandate) 
  • External data protection officer

Is data transferred to a third country or to an international organisation? 

We regularly transfer data within the Freudenberg Group, which is an international organisation. We have concluded an agreement to ensure an appropriate level of data protection. 

A data transfer to places in countries outside the European Economic Area (so-called third countries) takes place, provided that 

  • it is required by law (e.g. reporting obligations under tax law), 
  • it is necessary for the performance of a contractual service 
  • you have given us your consent or 
  • this is legitimised by the legitimate interest under data protection law and does not conflict with any higher interests of the data subject worthy of protection.

However, we use service providers for certain tasks, most of whom also use service providers that may have their headquarters, parent company or data centers in a third country. A transfer is permissible if the European Commission has decided that an adequate level of protection exists in a third country (Art. 45 GDPR). In the absence of such a decision by the Commission, undertakings or service providers may transfer personal data to service providers in a third country only if appropriate safeguards are in place (standard data protection clauses adopted by the Commission or the supervisory authority in a specific procedure) and enforceable rights and effective remedies are available. 

In addition, we have contractually agreed with our service providers that guarantees regarding data protection must always exist with their contractual partners in compliance with the European data protection level. We will provide you with a copy of these guarantees upon request.  

With regard to customer surveys, data processing generally takes place within the EU/EEA, as our data centers are located in the EU/EEA. However, we cannot rule out the possibility that data may be routed via internet servers located outside the EU. This may be the case if the respondent is located in a third country. However, the data is encrypted during transportation via the Internet and thus protected from access by third parties. 

Beyond this, we do not transfer any personal data to bodies in third countries or international organisations.

How long will my data be stored? 

We process and store your personal data as long as this is necessary to fulfil our contractual and legal obligations. It should be noted that the employment relationship is a continuing obligation that is intended to last for a longer period of time. If the data are no longer required for the fulfilment of contractual or legal obligations, these are deleted on a regular basis.

Exceptions to the above-mentioned deletion criteria are for: 

  • Data required to fulfil the statutory retention requirements. The respective stipulated periods for retention or documentation are usually six to ten years; 
  • Data for maintaining evidence in accordance with the legal statute of limitations. These statutes of limitations can be up to 30 years, whereby the regular limitation period is three years.

If the data processing takes place in our legitimate interest of that of a third party, the personal data will be deleted as soon as this interest no longer exists. The aforementioned exceptions also apply here. However, survey data is deleted or anonymized as soon as it is no longer required once the purpose of the data processing has been achieved. This usually happens three months after completion of the respective customer survey. 

The same applies to data processing based on consent given. As soon as this consent for the future is revoked by you, the personal data will be deleted, unless there is one of the exceptions mentioned.

What data protection rights do I have? 

You have the right of access pursuant to Art. 15 GDPR, right to rectification pursuant to Art. 16 GDPR, right to erasure pursuant to Art. 17 GDPR, right to restriction of processing pursuant to Art. 19 GDPR, right to object from Art. 21 GDPR as well as the right to data portability from Art. 20 GDPR

Restrictions may apply to the right of access and the right to deletion, as provided by national laws.

If you have given us your consent, you can revoke it at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of the processing activities carried out on the basis of the consent prior to its withdrawal. Processing activities that took place before the revocation are not affected. 

In addition, you have the right to lodge a complaint with a competent data protection supervisory authority (Art. 77 GDPR).

Is there an obligation to provide data? 

Under the terms of the contractual relationship, you may provide the personal information necessary to initiate, carry out and terminate the contractual relationship and to fulfil the respective contractual obligations or those that we are required to collect by law. Without this data, we will not be able to contact you, enter into a contract with you or perform the services detailed therein. 

The provision of your personal data in the context of surveys is neither legally nor contractually required. Without your personal data, we will not be able to conduct the vote or the survey with you. You will not suffer any disadvantages if you do not take part in the survey.

The dispatch of the newsletter, the production of image, video and sound recordings and the provision of your personal data for planning and organisational purposes is voluntary. Please note, however, that it may not be possible to send a newsletter, product and use recordings or make participation in the event possible if you provide incomplete information or no information at all.

Information on your right to object according to Art. 21 GDPR

Individual right of objection

You have the right to object to the processing of your personal data by us at any time for reasons arising from your particular situation, provided that this objection was filed in accordance with Art. 6 (1) (f) GDPR (data processing based on a weighing of interests). 

If you file an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or if the processing is for the purpose of enforcing, carrying out or defending legal claims. 

Recipient of an objection

The objection can be made without any formal requirements with 'Objection' in the subject line, your name and mail address and should be addressed to: 

data-protection@freudenberg-pm.com or freudenbergpm@activemind.legal

Changes to our privacy policy

We reserve the right to adapt this privacy policy so that it always complies with current legal requirements or to implement changes in processing procedures in the privacy policy, e.g. when introducing new services.  

Status: October 2025