Data Protection in the MAN Group
Find out who you can contact in data protection matters and how MAN ensures protection of personal data worldwide.
MAN takes protection of personal data very seriously. In order to ensure compliance with the data protection provisions in force and maintain a high and uniform level of protection for personal data worldwide, the Executive Board of MAN SE has enacted a policy about handling personal data and data protection organization that is applicable throughout the Group. 1
Contacts
The MAN Group companies in Germany have appointed data protection officers (“Datenschutzbeauftragte”) in line with German Federal Data Protection Act (“Bundesdatenschutzgesetz”). Following the German data protection officer model, we have appointed data protections coordinators at Group companies outside Germany in line with our Group policy.
If you have any questions about how your personal data is handled or about data protection at MAN in general, please contact your data protection officer (Germany) or data protection coordinator (outside Germany). In the event of any doubt, contact the MAN SE data protection officer. The names and contact details can be found in the following list:
Processing principles
The Group policy on data protection declares and concretizes the data protection principles applicable in Germany and Europe as worldwide standard at MAN:
- Purpose limitation: We only process personal data for the specific purpose for which it was collected.
- Legitimate grounds: We demand legitimate grounds for any processing, e.g. processing must be necessary to fulfill a contract with the person concerned. If consent serves as legitimate grounds, it must be granted expressly, voluntarily, and on an informed basis.
- Proportionality: We only process personal data if it is suitable to achieve a legitimate purpose, if there is no less severe means, and if there are no overriding legitimate data subject interests. In so doing, we observe the principles of data avoidance and data economy.
- Transparency: We ensure that processing of personal data is transparent for the data subject.
- Direct collection: We collect personal data directly from the data subject and not from a third party.
- Data quality: We ensure that personal data is correctly collected and updated.
- Data security: We take appropriate technical and organizational measures to protect personal data from unauthorized processing, destruction, or loss.
- Deletion: Personal data that is no longer required is deleted (no holding of data in stock)
- Rights of data subject: We grant data subjects the right to request information about the data that we have stored on them, to correct any data that is inaccurate, and to have data that is no longer required deleted. Data subjects may object to their data being processed, especially for marketing or advertising purposes.
- Data processors: We only transfer personal data to data processors on the basis of strict contractual agreements.
You can download our entire Group policy on data protection here:
Group policy on data protection
The Group policy lays down Group-wide fundamental rules for data protection that are supplemented and concretized by work instructions.
Our data protection program
Our employees are made familiar with the data protection rules in our worldwide online and face-to-face training sessions. Special risk assessments help us to regularly define the areas on which our data protection program focuses. We check compliance with data protection rules in audits. We keep a worldwide inventory in which the MAN Group’s data flows, data processing procedures and data protection agreements are documented.
The MAN Group's data protection program is developed and coordinated by MAN SE’s Compliance Data Protection department.
1 The policy does not apply to RENK AG and its subsidiaries
