Data Privacy Notice
Rolls-Royce Power Systems AG (“RRPS”) is pleased to welcome you to our websites and appreciates your interest in our company and its products and services. In addition to Rolls-Royce products, our portfolio also includes products marketed under the brand name mtu – a Rolls-Royce Solution (Rolls-Royce Solutions GmbH , hereinafter “mtu”).
This data privacy notice is to inform you of the way we will handle your personal data. It sets out how personal data is processed in the context of communications both via our websites and away from our websites, for example in the way contracts are executed.
Rolls-Royce Power Systems AG (“RRPS”) processes your personal data in its capacity as controller.
Contact details: Rolls-Royce Power Systems AG, Maybachplatz 1, 88045 Friedrichshafen, Germany
Represented by the Board of Management:
Dr. Jörg Stratmann, Chairman
Dr. Thelse Godewerth, CPO
Dr. Andreas Strecker, CFO
Register Court Ulm HRB 721 056
VAT registration number DE 253916018
2. Data Protection Officer
Contact details of our Group Data Protection Officer:
Rolls-Royce Power Systems AG, Maybachplatz 1, 88045 Friedrichshafen, Germany
3. Visiting our websites
When you visit our websites without actively contacting us, all instances of access are recorded in a log file on our web servers. The following data is captured: IP address of your client, date and time of access, name and URL of the file retrieved, pages visited, amount of data transferred, whether the retrieval was successful, video/audio viewed or listened to, clicks on individual links, search words or search phrases. The log file is stored for two months.
This data is processed for the purpose of presenting our web pages securely and to best effect from a technical point of view. The legal basis for processing the data here corresponds to our legitimate interest, article 6, paragraph 1, point (f), of the General Data Protection Regulation (GDPR). No person-related evaluations or reports are undertaken or produced.
3.1. Establishing contact using our contact forms
We only collect personal data pertaining to you – i.e. information that can be associated with you as an individual – if you provide us with this data yourself and enter into contact with us. This is the case if you enter your data in the input fields of the contact forms on our websites and send us inquiries.
Information that we absolutely need to process your inquiry is marked with an asterisk. You may also provide the remaining information voluntarily in order to make it easier for us to classify your inquiry.
We use your personal data only for communication with you and for processing your inquiry. The data will then be erased. The legal basis for processing the data is our legitimate interest in communicating with you at your request, article 6, paragraph 1, point (f), of the GDPR.
You may at any time object to the further storage and use of your personal data collected in the course of contacting us or revoke your request to be included in the press distribution list at any time. To do this, an e-mail to
or a letter to
Rolls-Royce Power Systems AG
will suffice. If you object or revoke your request, your data will be erased immediately. However, your inquiries can then no longer be processed.
3.2. Receipt of the mtu Report customer magazine and the mtu eReport newsletter
When you order our free customer magazine mtu Report or subscribe to the electronic newsletter mtu eReport, we process the data you provide to us.
In order to process your order and forward it to service providers who are involved by us as contractually bound data processors for this purpose, e.g. the customer magazine print shop.
We obtain your consent to this in advance. It is the legal basis for this data processing (article 6, paragraph 1, point (a), of the GDPR).
Your personal data will not be used in any other way or passed on to third parties. You may unsubscribe from the customer magazine or withdraw your consent at any time, by sending an informal message to
or by writing to
Rolls-Royce Power Systems AG
To unsubscribe from the newsletter you can use the unsubscribe link in the newsletters themselves. Once your withdrawal of consent has been received, your data collected during the ordering process is deleted immediately and will no longer be used. The customer magazine or newsletter will no longer be sent to you.
3.3. Personalized marketing communications
Based on your prior consent, we also process your personal data in order to provide you with relevant personalized marketing communications regarding topics of interest relating to mtu products and solutions, including technical articles, case studies, white papers, news articles, webinars, and videos. We provide these communications via e-mail; if you also provide us with your telephone number for this purpose, we or our local subsidiaries in your respective area may also call you to inform you about mtu products or mtu solutions via telephone.
The legal basis for this is article 6, paragraph 1, point (a), of the GDPR. We receive your consent particularly in the context of registering for gratuitous downloads of material on our websites or in the context of the registration for gratuitous webinars offered by third-party providers for which we deliver the content.
In order to tailor these marketing communications to your interests and preferences concerning our products and solutions, we use marketing tools to analyze data gathered by cookies and similar technologies when you use this website, as well as other information about your interests and preferences regarding mtu products and solutions which we collect due to your download of materials on our website, your registration for webinars or when you take notice of our marketing e-mails.
In particular, we use Pardot, a B2B marketing automation solution from Salesforce (based in the US), to 1) provide our prospective customers (known as ‘prospects’) with customized marketing communications and 2) qualify them as potential sales leads. We only collect and process data that has been provided to us on the basis of consent.
RRPS has agreed on corresponding EU standard contractual clauses with Salesforce. However, we would like to point out that an appropriate state level of data protection in the USA cannot be ensured and therefore access by US authorities cannot be ruled out (see ECJ ruling 16.07.2020 - C-311/18). Your data will therefore only be processed or passed on based on your consent.
The following data is collected by us:
- Information provided by prospects via forms on our landing pages.
- First name, last name, e-mail address, telephone number, company name, profession, solution requirements, , power requirements, facility/vessel/equipment types, project stage, etc.
The storage and processing of this data requires that all of the following conditions are met:
- The prospect provides his data on the basis of consent.
- This consent is obtained by clicking the "Informed consent" checkbox on the relevant landing page. For more information on "Informed Consent", please click on the link: Informed Consent.
- The consent process is completed via the double opt-in procedure (clicking on a link in a confirmation e-mail). If confirmation is not received, the previously collected data will be deleted.
You may at any time revoke this consent via e-mail email@example.com – you can also do this partly, specifically with regard to marketing communications via telephone – or by clicking on the unsubscribe links, which are provided at the bottom of each marketing e-mail. If you revoke your consent, your data will promptly be deleted, and we will stop providing you with the respective marketing communications. You can also object to the processing of your data for marketing purposes. We will then delete your data (except your e-mail address and the reason for your objection, in order to take account of your objection at any time) and stop sending you marketing communications.
You may apply to our company online or by electronic means. We process your applicant data exclusively for the purpose of the application procedure and delete it, if rejected, after completion. The legal basis is article 26, paragraph 1, sentence 1, of the German Federal Data Protection Act. Please note that e-mails which are sent in unencrypted form are not transmitted with access protection. We therefore strongly recommend that you send us your application documents either by encrypted e-mail or via the contact form on our career portal. Further details of the way applicant data is handled may be found in our separate data privacy notice on the career portal.
3.5. Cookies and similar technologies
To find out which cookies or similar technologies we use and how you can manage your cookie settings and deactivate certain types of tracking, go to our cookie settings, which you can access via “Cookie settings” at the bottom of each page.
Detailed information on all cookies used can be found here.
Pardot Cookies on mtu-solutions.com and Pardot Landing Pages:
Pardot cookies are only used when a visitor or prospect allows Pardot cookies to be tracked on mtu-solutions.com or one of our Pardot landing pages, which are identifiable by one of the following subdomains in the website URL:
For additional information regarding Pardot cookies, please click the link Pardot Cookies and Activity Tracking.
Pardot Cookie Opt-in Settings:
Opt-in is requested from all visitors to mtu-solutions.com or Pardot landing pages, regardless of their location. Tracking requires consent, so if visitors ignore the banner, no cookies will be used to track their activities. See Pardot reference page: Control Tracking Opt-In Preferences.
3.6. Social Media
We are also present on the platforms of the social networks Facebook, Twitter, LinkedIn and Xing. If you click on the respective icon on our website, you will be forwarded to our profiles there without personal data being collected by us. For personal data collected on the respective platform, the provider is the controller in terms of data protection.
3.7. Use of the GeoIP2 Country Database for Geolocation
This website uses the GeoIP2 Country database, which is provided by the provider MaxMind Inc. and hosted by a third-party provider of Rolls-Royce Power Systems. Maxmind GeoIP2 Country database is hosted within the European Union. In the GeoIP2 Country database, approximate location/geolocation data is assigned to the IP addresses used based on the country of origin of the IP address. In order to improve search results, to provide you with more relevant information and to pre-set certain website configurations tailored to you to make your visit to our sites more enjoyable (e.g. language settings), your IP address is used to determine your country of origin via the GeoIP2 Country database. Rolls-Royce Power Systems does not share these IP addresses with third parties. The geolocalisation is based solely on anonymised IP addresses. The precise location of visitors to the website is excluded. The data processing is based on our corporate interests resulting from the purpose of the processing and based on article 6, paragraph 1, point f) of the GDPR.
4. Processing of your data outside of these websites
We also process your personal data outside of these websites if you contact us in writing, by telephone or by e-mail with a request or inquiry and provide us with personal data (e.g. your contact details). Furthermore, we process personal data of yours if you or your company is a business partner, customer or service provider of ours, i.e. in a contractual relationship with us, for purposes of executing this contract, or if data processing is necessary for another reason, e.g. in the context of an application in response to an invitation to tender.
Depending on the context, your data will be processed on different legal bases within the meaning of article 6 of the GDPR. Depending on the context, this is in particular
1. your expression of consent pursuant to article 6, paragraph 1, point (a), of the GDPR (e.g. when requesting our customer magazine); or
2. where the processing is necessary for fulfilling a contractual relationship with us or for implementing precontractual measures which occur at your request, article 6, paragraph 1, point (b), of the GDPR (e.g. upon telephone request for the purpose of ordering a product); or
3. where the processing is necessary to comply with a legal obligation to which we are subject, article 6, paragraph 1, point (c), of the GDPR (e.g. compliance with legal obligations to retain records or obligations to provide information to authorities); or
4. where the processing is necessary to safeguard an overriding legitimate interest within the meaning of article 6, paragraph 1, point (f), of the GDPR (e.g. when asserting legal claims, in conducting internal and external investigations to identify, resolve and prosecute breaches of internal policies and/or legal requirements or for the video surveillance of our operating facilities to protect against unauthorized access).
RRPS and other affiliated companies house central functions of the RRPS Group – e.g. Marketing & Communications, Sales, Purchasing and central admin functions such as Legal, etc. – which act on behalf of the entire group and may process your personal data within this context. The processing of personal data by these central functions is also undertaken on the basis of the aforementioned bases in law. If, for example, when carrying out procurement processes or processing contracts, affiliated companies other than RRPS must also be involved because they perform central functions within the group, personal data is exchanged between the affiliated companies involved to the extent necessary. The legal basis for this is the overriding legitimate interest of the company in organizing internal administrative procedures efficiently – article 6, paragraph 1, point (f), of the GDPR.
The following categories of recipients may also receive your personal data:
- Service providers for the operation of our website and the processing of data stored or transmitted by the systems (e.g. for data processing centre services, payment processing, IT security). These are usually processors with whom we have concluded corresponding data processing agreements.
- Print service providers (processors) in the context of sending e.g. information and newsletters in print form.
- Business partners (e.g. suppliers, distributors and service partners). The data transfer takes place on the basis of our legitimate interest (article 6, paragraph 1, point (f), of the GDPR) in the context of contract fulfilment in regard to our customers or for sales purposes on the basis of your consent (article 6, paragraph 1, point (a), of the GDPR).
- Service providers or persons used to carry out our business operations (e.g. auditors, banks, payment service providers, shipping service providers, insurance companies, legal advisors, parties involved in company acquisitions or the establishment of joint ventures). The legal basis here is article 6, paragraph 1, point (f), of the GDPR.
Government agencies/authorities, insofar as this is necessary to fulfil a legal obligation. The legal basis for the disclosure is then article 6, paragraph 1, point (c), of the GDPR.
5.2. Conditions for the transfer of personal data to third countries
In the context of your website visit and our business relationships, your personal data may be transferred or disclosed to third party companies. These may also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing will only take place on the basis of your consent or to fulfil our contractual and business obligations and to maintain your business relationship with us.
The European Commission certifies data protection comparable to the EEA standard in some third countries by means of so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be obtained here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html). However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. Where this is the case, we ensure that data protection is sufficiently guaranteed. We generally use the standard contractual clauses of the European Commission and, if necessary, take further measures to protect your personal data.
5.3. Data security
We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. Our security procedures are regularly reviewed and adapted in line with technological progress.
When you use our contact form, you also provide us with personal information about yourself. In order to prevent this data from falling into the wrong hands, we use end-to-end encryption for your personal data using the TLS method for data transmission (transport layer security). This is a proven, highly secure procedure for transmitting data over the Internet, provided that it is used – as is the case here – in line with state-of-the-art practice.
5.4. Storage of your data
Your personal data will always be stored as long as it is necessary for the respective purpose (e.g. fulfilment of contract), and shall then be erased in compliance with the statutory retention periods or, after the purpose has been achieved (e.g. fulfilment of the contract by both parties), restricted (blocked) for the necessary retention period in terms of processing, and then erased.
Your rights under Clause 15 are to be asserted in each instance against RRPS or against such other affiliated company as be responsible under data protection legislation. In any event, you may use the contact address given in Clause 1 above for this purpose.
5.5. Your rights
You have the right to request details of which personal data about you is stored.
You may request correction or amendment, erasure or restriction of processing (blocking) of your stored personal data as long as this is legally permissible and possible within the framework of an existing contractual relationship. Should statutory provisions not permit erasure, your data will instead be blocked (subjected to processing restrictions) in such a way as to make it accessible only for the purpose of complying with mandatory statutory provisions.
You may object to the processing of data for reasons arising from your particular situation if such data processing is carried out on the basis of our legitimate interests.
Should we process your data in order to conduct direct advertising, you may object to this advertising or promotion at any time with future effect (right to object to processing of personal data for marketing purposes). Please see the contact details in Clause 3.3 in this regard.
You are entitled to lodge a complaint with a supervisory authority. The following supervisory authority is responsible for RRPS: The Baden-Württemberg State Office for Data Protection and
Freedom of Information, P.O. Box 10 29 32, 70025 Stuttgart. E-mail: firstname.lastname@example.org; Online complaints form: https://www.baden-wuerttemberg.datenschutz.de/online-beschwerde/.
For complaints relating to data processing activities of our subsidiaries abroad, you can also submit a complaint to the relevant competent national supervisory authority.
You have the right to transfer the data you have provided to us on the basis of an expression of consent or a contract (data portability).
If you have given us an expression of consent to process your data, you may revoke this at any time in the same manner in which you gave it. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the time of withdrawal.
If you have any questions regarding the processing of your data or would like to assert your rights, please contact us by post or e-mail at the contact address given above (Clause 1).
5.6. Changes to this data privacy notice
The provisions of this data privacy notice in the version valid at the time on the homepage apply (cf. status and version of data privacy notice).
We reserve the right to amend and change the content of this data privacy notice. The updated data privacy notice shall apply from its date of validity (cf. status and version of the data privacy notice).
Version dated: January 2023