ZEISS is an internationally leading technology enterprise operating in the fields of optics and optoelectronics. In the previous fiscal year, the ZEISS Group generated annual revenue totaling more than 5.8 billion Euros in its four segments, Industrial Quality & Research, Medical Technology, Consumer Markets and Semiconductor Manufacturing Technology (status: September 30, 2018).
For its customers, ZEISS develops, produces and distributes highly innovative solutions for industrial metrology and quality assurance, microscopy solutions for the life sciences and materials research, and medical technology solutions for diagnostics and treatment in ophthalmology and microsurgery. The name ZEISS is also synonymous with the world's leading lithography optics, which are used by the chip industry to manufacture semiconductor components. There is global demand for trendsetting ZEISS brand products such as eyeglass lenses, camera lenses and binoculars.
With a portfolio aligned with future growth areas like digitalization, healthcare and Smart Production and a strong brand, ZEISS is shaping the future far beyond the optics and optoelectronics industries. The company's significant, sustainable investments in research and development lay the foundation for the success and continued expansion of ZEISS' technology and market leadership.
Data protection is an important building block for the achievement of these strategic goals. ZEISS takes the protection of your personal data very seriously. ZEISS processes your personal data in accordance with the relevant legal requirements. Furthermore, the handling of personal data at ZEISS is based on the EU data protection principles. These provide for the greatest possible degree of transparency, observance of option, access rights and the lawful processing and transfer of personal data.
Each ZEISS company complies with the applicable data protection laws. In addition, the handling of personal data is stipulated for the entire ZEISS Group in a company directive. This serves to ensure that the ZEISS companies which handle personal data process your data properly and in compliance with the applicable laws. At the same time, our employees are instructed to refer to and comply with our data protection rules wherever personal data is requested.
The Group Data Protection Officer is responsible for creating and updating this Public Data Protection Guideline.
As part of our Quality Assurance procedures, the Group Data Protection Officer verifies the contents to make sure they are both accurate and up to date.
The Public Data Protection Guideline may be amended during the course of a year and must be submitted to a Quality Assurance process at least once every three years.
The Executive Board bears overall responsibility for ensuring that data protection principles are upheld in its company. This includes making a visible commitment and a clear pledge to data protection. The Executive Management
The personal data processed by the ZEISS Group in physical and digital form is processed in compliance with the provisions of data protection law and the appropriate regulations.
By upholding the data protection laws and the applicable provisions, the ZEISS Group pursues the goal of maintaining and expanding the existing trust-based relationships with its customers, suppliers, service providers and employees. The ZEISS Group recognizes that data protection is highly significant for its business activity and operates a Data Protection Management System (DPMS) in line with these public data protection guidelines.
Data protection is a matter of course in dealing with personal data for the ZEISS Group and is therefore taken into account in all business processes and is fundamentally based on the requirements of the EU General Data Protection Regulation (GDPR). The relevant national regulations and legislation supplement these basic requirements and are also observed by the ZEISS Group.
The ZEISS Group ensures that any processing of personal data is undertaken lawfully, i.e. that, for example, the person concerned has granted a valid authorization or the data is processed on another permissible legal basis.
Individuals whose personal data is processed by the ZEISS Group in line with the GDPR can rest assured that the ZEISS Group only collects, saves, uses and deletes their data in accordance with the GDPR and the other relevant legal provisions.
Individuals whose personal data is processed by the ZEISS Group in line with the GDPR are informed of their rights, the purpose of and the responsibilities for the processing during data collection in accordance with the GDPR and the other relevant legal provisions. If they exercise their right to information, they are provided with the relevant information in written form.
The purposes of the data processing are already defined by the ZEISS Group when personal data is being collected. Further processing for different purposes is possible in exceptional cases in so far as the purposes of the additional processing are compatible with the original purposes of collection and a legal basis exists for the additional processing.
The saved and used personal data is fit for the purpose and restricted to the extent which is necessary for the purposes of the processing.
Data relevant to data subjects is saved at the ZEISS Group in a form that enables a person to be identified for only as long as necessary for the purposes of the processing.
Personal data is processed in a way that ensures appropriate data security. This also comprises protection from unauthorized or illegal processing and from the unintended loss, destruction or damage of the personal data.
ZEISS provides the appropriate security through a variety of technical and organizational means. These measures are based on the state of the art and the defined protection level required. Risk-based data protection impact assessments lead to effective security measures such as restrictions on access to buildings where data is stored and electronic access to data, deletion concepts, secure encryption measures and measures for data back-up and emergency recovery.
The Executive Board is responsible for the establishment of an adequate data protection organization. It has appointed a person responsible to implement the data protection organization. This person serves as a central point of contact for the topic of data protection and is responsible, in particular, for introducing and maintaining the Data Protection Management System (DPMS) described in these public data protection guidelines and for working towards ensuring that the regulations stipulated therein are upheld in the company.
The following responsibilities and rights are transferred to the Corporate Data Protection Officer as part of his duties:
The introduction and maintenance of a DPMS supports the achievement of the data protection goals and the implementation of the basic data protection principles. This management system ensures that the employees of the ZEISS Group have the necessary knowledge of the data protection provisions and take the appropriate measures to safeguard the trust between the data subjects, the organization and the supervisory authorities.
The company develops and maintains a data protection management system which works towards making sure that the employees and contractors of the ZEISS Group uphold the data protection regulations and ensure compliance in relation to customers, employees, contractors, service providers and suppliers.