Siemens Finance Sp. z o.o. Privacy Policy

1. Legal Basis

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter "GDPR").

2. Personal Data Controller

The Controller of your personal data is Siemens Finance with its registered office in Warsaw, ul. Żupnicza 11, 03-821 Warsaw.

Siemens Finance is part of the Siemens Group. A full list of companies within the Siemens Group can be found on our website www.siemens.com.

3. Fundamental Principle of Personal Data Processing

Siemens Finance attaches great importance to ensuring the security and protection of your personal data. Therefore, Siemens Finance processes personal data in accordance with applicable legal regulations regarding data protection and security, respecting your right to privacy.

4. Processing of Personal Data Related to Your Use of Our Websites, Applications, and Online Platforms

When you use Siemens Finance's and other Siemens Group companies' websites, applications, or online tools (hereinafter "Siemens Online Offerings"), Siemens Finance and other Siemens Group companies may process your personal data. Processing takes place according to the following principles.

4.1. Categories of Personal Data Processed

Siemens Finance and other Siemens Group companies may process the following categories of your personal data:

• personal data actively and voluntarily provided by you through Siemens Online Offerings (e.g., during registration, contacting us with inquiries, or participating in surveys, etc.), including name, email address, phone number, information provided as part of support requests, comments, or forum posts, etc.;
• information automatically transmitted to us by your browser or devices, such as IP address, device type, browser type, referring page, pages visited during your visit, date and time of each visitor request.

4.2. Purpose of Personal Data Processing

Siemens Finance and other Siemens Group companies may process your personal data for the following purposes:

• performing services and functions within Siemens Online Offerings and ensuring support for your use of Siemens Online Offerings;
• verifying your identity (if you have registered for Siemens Online Offerings);
• responding to and fulfilling your specific requests;
• to the extent necessary and justified, to enforce applicable terms and conditions regarding Siemens Online Offerings, to establish, maintain, or defend a legal claim, to prevent fraud or other unlawful activities, including attacks on the IT systems of Siemens Finance and other Siemens Group companies.

The processing of your personal data is necessary to achieve the above purposes.

4.3. Legal Basis for Personal Data Processing

Unless otherwise indicated at the time of data collection, Siemens Finance may process your personal data based on the following legal bases:

• your explicit consent to the processing of your personal data (Article 6(1)(a) GDPR);
• processing is necessary for the performance of a contractual relationship with you (Article 6(1)(b) GDPR);
• processing is necessary for the legitimate interest of Siemens Finance in effectively and efficiently providing and managing Siemens Online Offerings (Article 6(1)(f) GDPR).

4.4. Cookies

Within Siemens Online Offerings, we may use cookies. Information about the use of cookies can be found on the Siemens website under the "Cookie Policy" tab (https://www.siemens.com/pl/pl/home/general/legal.html). The Cookie Policy also contains information on the rules for blocking cookies, refusing consent to their use, and the processing of data collected in cookies.

4.5. Links to Other Websites

This Privacy Policy applies only to Siemens Finance's and other Siemens Group companies' Online Offerings and does not apply to other websites or applications operated by third parties. We may include links to other websites that we believe may be of interest to you. Siemens Finance, nor other Siemens Group companies, are responsible for the data protection practices employed by these websites.

5. Processing of Personal Data Related to Your Business Cooperation with Siemens Finance

In the context of its business cooperation, Siemens Finance may process personal data concerning our clients, suppliers, vendors, and other partners, as well as their current and future contact persons and their representatives (hereinafter "Business Partners"). Processing takes place according to the following principles.

5.1. Categories of Personal Data Processed

Siemens Finance may process the following categories of your personal data:

• contact details, such as name, address, phone number, mobile phone number, fax number, and email address;
• payment data, such as data necessary for processing payments and preventing fraud, including bank account numbers and other related billing data;
• additional necessary information that must be processed as part of cooperation with Siemens Finance in the implementation of projects or contracts or provided by you voluntarily;
• personal data collected from publicly available resources, reliable databases, and credit bureaus and/or other credit agencies and/or economic information bureaus;
• where legally required to check a Business Partner for compliance: date of birth, identification numbers, identity document numbers/copies, and information about significant court cases or other legal proceedings against Business Partners.

5.2. Purpose of Personal Data Processing

Siemens Finance may process your personal data for the following purposes:

• planning and implementing cooperation (contractual relationships) with Business Partners, in particular by performing transactions and orders for products or services, processing payments, performing or commissioning the following activities and services: accounting, auditing, billing, debt collection, legal, appraisal (including preparing valuations, opinions, conducting inspections), assessing creditworthiness and credit risk analysis in connection with considering applications for financial products, placing insurance with insurers, assignment of receivables;
• communicating with Business Partners regarding Siemens Finance's or Business Partners' products, services, and projects;
• improving our products and services, customer service, and conducting customer surveys, marketing campaigns, market analyses, lotteries, contests, or other promotional activities or events;
• maintaining and protecting the security of our products, services, and websites, preventing and detecting security breaches, fraud, or other criminal or malicious activities;
• ensuring compliance with legal obligations (such as record-keeping obligations), export control, customs regulations, tax law, accounting regulations, obligations regarding checking Business Partners for compliance (to prevent official crimes and money laundering), and Siemens Group policies and industry standards;
• resolving disputes, enforcing our contracts, and establishing, exercising, and defending legal claims.

The processing of personal data is necessary to achieve the above purposes.

5.3. Legal Basis for Personal Data Processing

Unless otherwise indicated at the time of data collection, Siemens Finance may process your personal data based on the following legal bases:

• your explicit consent to the processing of your personal data (Article 6(1)(a) GDPR) (if required);
• processing is necessary for the performance of a contractual relationship with you (Article 6(1)(b) GDPR);
• the need to use data to fulfill our legal obligations (Article 6(1)(c) GDPR);
• the use of personal data is justified by the legitimate interest of Siemens Finance or the interest of other entities, in situations where it does not involve any adverse consequences for you – including situations where it is in our interest to offer you additional products or services (Article 6(1)(f) GDPR);
• processing is also necessary for the effective implementation of cooperation or the management of our business cooperation with you (Article 6(1)(f) GDPR).

6. Transfer and Disclosure of Personal Data

Entities to whom Siemens Finance transfers or discloses your personal data act solely on the instructions of Siemens Finance or other Siemens Group companies, or pursue their own purposes, in accordance with applicable personal data protection law.

6.1. Recipients of Personal Data / Categories of Personal Data Recipients

Siemens Finance may transfer personal data to:

• other Siemens Group companies or third parties, but only if and to the extent that such transfer is necessary for the realization of the aforementioned processing purposes;
• courts, law enforcement agencies, regulatory bodies, or law firms, if legally permissible and when necessary to ensure compliance with the law or to establish, exercise, or defend legal claims;
• entities to whom Siemens Finance entrusts the performance of services in the field of hosting or maintenance of IT systems (IT providers);
• other entities that support our activities in the field of financial solutions offered to you, in particular: insurers, insurance agents, entities providing services in the field of client acquisition for Siemens Finance products, appraisers, companies supporting Siemens Finance in administration and debt collection, law firms, banks participating in the execution of direct debits, intermediaries in accepting and processing payments, credit bureaus and/or other credit agencies and/or economic information bureaus, entities providing advisory and control services, e.g., consulting and auditing firms, service workshops, postal operators and courier companies, warehousing and/or transport companies.

6.2. Transfer of Personal Data to Third Countries

Recipients of personal data may be located in countries outside the European Economic Area (hereinafter "third countries") where applicable law does not provide the same level of data protection as the law of the individual's home country.

In the event of transferring your personal data to third countries, Siemens Finance takes, in particular, the following measures to implement appropriate and adequate safeguards to ensure the protection of personal data by other means:

• we exchange personal data with Siemens Group companies in third countries only when they have implemented the Siemens Group's Binding Corporate Rules (hereinafter "BCRs") regarding personal data protection. Additional information regarding the Siemens Group's BCRs can be found here;
• we transfer personal data to external recipients in third countries only if the recipient (i) has signed EU standard contractual clauses with the Siemens Group, (ii) has implemented binding corporate rules within their organization. Interested individuals may contact the Siemens Group to obtain additional information and copies of the relevant safeguards.

6.3. Recipients of Personal Data within Siemens Online Offerings

In some cases, personal data published by you within Siemens Online Offerings (e.g., global chatrooms or global application user forums) may be accessible worldwide to other registered users of that Siemens Online Offering.

7. Automated Decision-Making

In some cases, as part of the lease/loan application review process, Siemens Finance may use automated decision-making processes, as referred to in Article 22 GDPR, in the form of automatic creditworthiness verification. Siemens Finance relies on such technical solutions to meet your expectations for efficient application processing and reduced waiting times for a decision.

The automated procedures mentioned above are a necessary element for concluding an agreement between you and Siemens Finance.

Nevertheless, if you have objections to a decision made by Siemens Finance in your case in the manner described above, you have the right to challenge it, i.e., to request verification of the decision by a person authorized by Siemens Finance. To do so, you should take the steps indicated in the Product or Service Regulations you wish to use.

8. Data Retention Period

Unless otherwise indicated when obtaining personal data from you (e.g., using a consent form accepted by you), we delete personal data if:

• the retention of such data is no longer necessary for the purposes for which it was collected or processed, and
• no statutory data retention obligation under applicable law (such as tax or commercial law) requires us to continue retaining personal data.

9. Withdrawal of Consent

If you have given your consent to the processing of certain personal data by Siemens Finance or other Siemens Group companies, you have the right to withdraw your consent at any time with future effect, meaning that the withdrawal of consent does not affect the lawfulness of processing based on consent given before its withdrawal. In case of withdrawal of consent, Siemens Finance or other Siemens Group companies may continue to process data only if there is another legal basis for their processing.

10. Your Rights

In accordance with applicable personal data protection law, you may – provided that the relevant legal requirements are met – have the right to:

• obtain confirmation from Siemens Finance as to whether personal data concerning you is being processed and, if so, access to such personal data (right of access to personal data);
• have Siemens Finance rectify inaccurate personal data concerning you (right to rectification of personal data);
• have Siemens Finance erase personal data concerning you (right to erasure of personal data);
• have Siemens Finance restrict the processing of personal data concerning you (right to restriction of processing);
• data portability in respect of personal data that you have actively provided (right to data portability);
• object, on grounds relating to your particular situation, to the processing of personal data concerning you (right to object to data processing);
• object to the processing of personal data concerning you for direct marketing purposes (right to object to data processing for marketing purposes).

11. Contact for Data Protection Matters

The Siemens Group Data Protection Department provides support for any questions, comments, concerns, or complaints related to data protection or if you wish to exercise your data protection rights. The Siemens Group Data Protection Department can be contacted at: dataprotection@siemens.com.

The Siemens Group Data Protection Department will always make every effort to consider and resolve your requests or complaints.

In addition to contacting the Siemens Group Data Protection Department, you always have the right to address your request or complaint to the competent data protection authority.