Data protection has high priority for Infineon. We pursue the clear goal of processing personal data of employees, customers, suppliers, shareholders and any other partners in accordance with applicable data protection laws at all times. Infineon does not accept processes, procedures, practices or systems that collect, process, or use personal information unlawfully.

With our Data Protection Management System (DPMS), which we have been successfully operating and continuously improving for many years, we follow a structured and systematic approach that ensures compliance with applicable data protection regulations like the GDPR, CCPA/CRPA, PDPA, PIPL etc. worldwide. Infineon regularly reviews and optimizes all elements of the DPMS.

• A designated department responsible for compliance with privacy and personal data protection, supported by local Data Protection Officers in every country where Infineon operates
• A global data protection rule including supplementary documents and guidelines, which applies to all Infineon employees and operations worldwide
• Supplier assessment program ensuring that only service providers/processors are engaged who meet regulatory and internal privacy requirements and provide sufficient guarantees for the protection of the personal data and rights of the data subjects
• Contractual framework that ensures that personal data transfers are done in full compliance with regulatory requirements worldwide
• Global mandatory training and awareness program that ensures adequate awareness level for all employees and contractors dealing with personal data
• Established process for reporting violations of the policy. Reports can also be made anonymously. Negligent or intentional violations of the privacy policy lead to disciplinary action
• Global Data Breach Process that ensures promptly assessment and initiation of appropriate corrective and preventive measures
• Operation, maintenance, and regular review of the ‘Records of Processing Activities’; Performance of ‘Data Protection Impact Assessments’ (DPIA) and ‘Transfer Impact Assessments’ (TIA) in full accordance with regulatory requirements
• Established processes for fulfilling information obligations and ensuring lawful and adequate handling of data subject requests as well as the fast handling of inquiries and complaints
• Strong technical and organizational measures ensuring high security of processing, including ‘Privacy by Default & Design’ practices and processes
• Data Protection risk management fully integrated into the Company Risk Management Process, including quarterly risk reviews and adaptions
• Mature audit program covering internal and external audits to ensure adherence to internal and external data protection regulations
• Review and assessment of our privacy compliance program by independent auditors

Detailed information about personal data that Infineon processes for which purposes and based on which legal basis are available in our Privacy Policy.

The policy includes information about data subject rights and detailed information on Infineon’s portals and cookies that might be used, provided that users have expressly consented to them. Please be assured that Infineon neither sells personal data nor uses personal data for unlawful purposes.

Infineon has not received any substantiated complaints received concerning breaches of customer privacy or identified any leak, theft or loss of customer data.