Privacy Policy

Privacy Policy for the Application Process

We, that is Festool GmbH (hereinafter referred to as “we” or “Festool”), are delighted by your interest in our company.

This privacy policy provides information about the processing of your personal data and your data protection rights

a) when accessing or visiting the website;

b) within the context of the application process.

Festool respects your privacy

The protection of your privacy when processing your personal data is an important matter to which we pay special attention during our business processes. We process personal data collected when you visit our websites confidentially and taking into account the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and all other legislation that applies (such as the German Works Constitution Act (BetrVG), General Act on Equal Treatment (AGG), etc.).

Festool applies a range of security measures to ensure the data we manage is protected against manipulation, loss, destruction, access by unauthorised individuals and unauthorised disclosure. Our security measures are continually improved in line with technological advances.

1. Who is responsible for processing?

The controllers for data processing in this context are the following companies:

TTS Tooltechnic Systems SE & Co. KG
Wertstrasse 20
73240 Wendlingen, Germany

Festool GmbH
Wertstrasse 20
73240 Wendlingen, Germany

Festool Deutschland GmbH
Wertstrasse 20
73240 Wendlingen, Germany

TTS Cleantec GmbH
Pionierstrasse 1
89257 Illertissen, Germany

TANOS GmbH
Pionierstrasse 1
89257 Illertissen, Germany

TTS Microcell GmbH
Hamburger Str. 20
49124 Georgsmarienhütte, Germany

A data protection officer has been appointed for all German companies of the TTS Group. You can contact the Data Protection team at datenschutz@tts-company.com. You can also ask the team for the personal contact details of the relevant data protection officer.

2. How do we obtain your personal data?

2.1. As a general rule, you can use our website without disclosing personal data to us directly. However, some data is obtained automatically whenever you visit our website. See clauses 3.2 to 3.4 for more information.

2.2. Your personal data needs to be collected and processed for the purpose of submitting an application. Your personal data is generally collected from you directly. Please note that, as part of the relevant application process, you must provide the personal data relevant for carrying out that application process. If you utilise your right to object in this regard or do not provide this data, we will not be able to process your application.

3. For which purpose and on what legal basis is data processed?

3.1. The data processing serves the purpose of initiating an employment relationship. The primary legal basis for this is section 26(1) of the German Federal Data Protection Act (BDSG).

3.2. Log data: Data obtained automatically includes web server log data. This data is used to investigate support cases and ensure stability and security. The primary legal basis for this is article 6(1)(f) of the General Data Protection Regulation (GDPR). Each data record consists of:

Date and time of the request
Client and server IP address, port and protocol status
The name of the file or site requested and the length of the request
Login information for the relevant web service, if you log in with a user account
Browser type and referrer (last page requested by the client)

This data is analysed for technical purposes solely on an anonymous basis. No statistical analysis is performed on this basis.

3.3. Cookies and other storage technologies: Your browser or device offers different options for storing small data records. These are hereinafter referred to collectively as “cookies”, but this also includes other types of browser storage. Cookies are small data records used to store certain information either in an unencrypted or encrypted format. Cookies are sent by the server to your computer, where they are stored, and may be transferred again when you access the website. Their primary purpose is to identify the computer from which a website has been accessed. If you log in to a website, cookies are used to notify the server of the login and check the permissions for accessing the page. Every cookie has an expiry date, after which it is no longer valid. The user’s path through various pages of the website and even across various websites can be tracked using cookies. By using cookies, we can improve communication between our server and your computer, thus making it easier to use a website. Cookies can be generated by both the website operator and third-party providers. Your browser gives you the option of displaying the cookies which exist on your computer, deleting existing cookies, or configuring the settings so that not all, or no further, cookies are stored. Please be aware that some functions will not work, or will not work properly, if you block cookies.

3.4 Cookies used: (The actual cookies used and their purpose must be added here. This can be done with the table below, for example, or with Cookiebot.)

4. Who receives your data?

Within our Group, only the individuals and bodies involved in the application process (e.g. divisions or internal service providers) receive access to your personal data.

If you have given your consent, we will also make your application documents available to other divisions in our Group. You will be notified if your application is forwarded to another recruiter in our Group.

External recipients: We only transfer your personal data to external recipients outside our Group if this is required for processing your application, if there is another legal basis for this, or if you have given your consent.

External recipients may include:

a) Service providers

We use different service providers for operating our systems. These are integrated in the process in line with the requirements set out in the GDPR.

b) Public authorities:

If we are required to transfer your personal data to authorities or public institutions (e.g. courts, financial authorities) for compelling legal reasons, this transfer is based on article 6(1)(c) of the GDPR.

c) Other external recipients:

We may also transfer your personal data to other recipients outside the Group (e.g. a bank) if this is required to fulfil our contractual or other statutory obligations.

5. Which data categories do we use?

The categories of processed personal data include but are not limited to:

Your personal master data (e.g. first and last name, address, gender, date of birth, profile picture)

Documents in the context of your application (e.g. certificates, CV)

Communication data (e.g. e-mail, (mobile) phone number)

Travel expenses (e.g. bank details) [RE1]

This may also include special categories of personal data such as health data. These are processed in accordance with section 26(3) of the German Federal Data Protection Act or article 9(2)(b), (h) of the GDPR in conjunction with article 6(1)(b) of the GDPR.

6. Automated decision-making

Automated decision-making as set out in article 22 of the GDPR does not occur.

7. How long is your data stored for?

As part of the application process, we will delete your personal data unprompted six months after the position for which you applied has been filled. You can withdraw your application or delete your profile, which will result in your data being deleted, or you can object to the processing of your personal data with effect for the future in your profile.

If you have received a type of compensation for expenses or similar from us as part of your application (e.g. reimbursement of travel expenses), this data may be subject to a mandatory retention period of up to ten years. In this case it is not your application itself that is stored for this retention period, but simply the information that you did apply.

8. What privacy rights can you exercise as a data subject?

8.1. Right of access by the data subject: You can obtain information on the data stored about you personally from the respective controller.

8.2. Right to rectification and erasure: You can demand that we rectify incorrect data and that we erase your personal data provided the legal requirements are met.

8.3. Restriction of processing: You can demand that we restrict the processing of your data provided the legal requirements are met.

8.4. Surrender of data: You can demand that we surrender the personal data provided by you in a structured, common and machine-readable format provided the legal requirements are met.

9. Do you have the right to object?

You have the right to object at any time to data processing by us. We will then stop processing your personal data unless there are – in accordance with statutory provisions – compelling legitimate grounds for the processing that override your rights.

10. Where can you complain?

You can lodge a complaint with the aforementioned data protection officer or the competent data protection supervisory authority.

11. Changes to this privacy policy

We reserve the right to make changes to this privacy policy from time to time. The revised privacy policy will come into effect immediately upon publication on our website. Please check the version number and the validity date of this privacy policy to determine whether any changes have been made since you last accessed the website.

Last revised: December 2025