Data Protection
Responsible person:
STC Schmahl Technologie-Center GmbH & Co. KG
Eichenallee 4
24589 Nortorf, Germany
Commercial Register No.: HRA 11803KI
Managing Directors: Martin Schmahl, Wolfgang Schmahl
phone: +49 4392 91240
info@stc-gmbh.com
If you have questions regarding our privacy policy, please contact:
datenschutz@stc-gmbh.com
Last update: 28.10.2018
- Basic information about data processing and legal framework
- This data privacy statement will clarify for you the type, scope and purpose of processing of personal data within our website and the associated pages, functions and contents (hereinafter collectively referred to as "website"). The data privacy statement shall apply regardless of the domains, systems, platforms and devices used (e.g. desktop or mobile) to host the website.
- For the terms used such as "personal data" or their "processing", please refer to the definitions in the art. 4 of the General Data Protection Regulation (GDPR).
- Personal data of users processed on this website include inventory data (e.g. names and addresses of customers), contract data (e.g. services used, names of consultants, payment information), usage data (e.g. the visited pages of our website, interest in our products) and content-related data (e.g. entries in the contact form).
- The term "user" encompasses all categories of persons affected by the data processing. They include our business partners, customers, interested parties and various visitors of our website. The terms used such as "user" shall be neutral in gender.
- We process personal data of users only in compliance with the relevant data protection provisions. This means that the data of users is only processed if legal consent is granted. In other words, user consent must be available especially if the data processing is necessary for the performance of our contractual services (e.g. processing of orders) as well as online services or is legally required, as well as based on our legitimate interests (that is, interest in the analysis, optimisation and economic operation and security of our website in the context of art. 6 para. 1f GDPR, especially with regard to audience measurement, creation of profiles for advertising and marketing purposes as well as collection of access data and utilisation of services of third-party providers).
- Please note that the legal framework for consent can be found in art. 6 para. 1a and art. 7 GDPR, that for processing for the performance of our services and execution of contractual activities in art. 6 para. 1b GDPR, that for processing for the fulfilment of our legal obligations in art. 6 para. 1c GDPR, and that for processing to safeguard our legitimate interests in art. 6 para. 1f GDPR.
- Security measures
- We take organisational, contractual and technical safety measures according to the state of the art to guarantee that regulations of data protection laws are followed and to protect the data we process from random or premeditated manipulation, loss, destruction or access by unauthorised persons.
- These security measures, in particular, include the encrypted transmission of data between your browser and our server.
- Sharing of data with third parties and third-party providers
- Data is shared with third parties only in compliance with statutory requirements. We only forward the data of users to third parties if this is necessary for contractual purposes, for example based on art. 6 para. 1b GDPR, or on the basis of legitimate interests pursuant to art. 6 para. 1f GDPR for the efficient and effective operation of our business.
- When we use subcontractors to provide our services, we take suitable legal precautions as well as appropriate technical and organisational measures to ensure the protection of personal data according to the relevant statutory regulations.
- If the contents, tools or miscellaneous media of other providers (hereinafter collectively referred to as "third-party providers") are used within the context of this data privacy statement and they are based in a third country, it is to be assumed that data transfer shall take place in the home state of the third-party provider. Third countries are countries where the GDPR is not directly applicable law, that is, basically countries outside the EU or the European Economic Area. Data is transmitted to third countries if there is an appropriate level of data protection, user consent or otherwise legal permission.
- Performance of contractual services
- We process inventory data (e.g. names and addresses as well as contact information of users), contract data (e.g. services used, names of contact persons, payment information) for the purpose of fulfillment of our contractual obligations and service activities pursuant to art. 6 para. 1b GDPR.
- Contact details
- When establishing contact with us (e-mail), information about the user is used to process and execute the request pursuant to art. 6 para. 1b GDPR.
- User information can be stored in our customer relationship management system ("CRM system") or a comparable request management system.
- Collection of access data and log files
- On the basis of our legitimate interests in the context of art. 6 para. 1f GDPR, we collect data about every access to the server on which this service is located (so-called server log files). Access data includes the name of the accessed website, file, date and time of access, transferred amount of data, notice of successful delivery, browser type together with version, the operating system of the user, referring URL (the previously visited page), IP address and the inquiring provider.
- For security reasons (e.g. in order to clarify cases of abuse or fraud), log file information is stored for a maximum period of seven days and is then deleted. Data which must be stored beyond that period for evidentiary purposes is excluded from the deletion until the relevant incident has been clarified.
- Cookies and audience measurement
- Cookies are informations that is transmitted from our web server or web servers of third parties to the web browser of users and is stored there for later access. Cookies can be small files or miscellaneous types of information storage.
- We use "session cookies" that are only stored for the duration of the current visit of our website (e.g. in order to facilitate the storage of your login status or the shopping cart function and thus the use of our website). A session cookie stores a randomly created unique identification number, a so-called session ID. Moreover, a cookie contains information about its origin and the storage period. These cookies can store no other data. Session cookies are deleted when you finish using our website and, for example, log out or close the browser.
- Users are notified about the use of cookies as part of anonymous audience measurement in the context of this data privacy statement.
- If users do not wish to have cookies stored on their computer, they are asked to deactivate the relevant option in the system settings of their browser. Stored cookies can be deleted in a browser's system settings. The exclusion of cookies can cause this website to malfunction.
- You can oppose the use of cookies used for audience measurement and advertising purposes through the deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and additionally through the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).
- Google Analytics
- We utilise Google Analytics, a web analysis service of Google Inc. ("Google"), on the basis of our legitimate interests (that is, interest in the analysis, optimisation and economic operation of our website in the context of art. 6 para. 1f GDPR). Google uses cookies. Information generated by the cookie about the user's utilisation of the website is usually transmitted to a Google server in the US and stored there.
- Google is certified under the Privacy Shield Agreement, thereby offering a guarantee that it will abide by the European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
- Google will use this information in our order to evaluate the use of our website by users, to compile reports about activities within this website and to provide us with additional services related to the use of this website and Internet usage. In doing so, anonymous usage profiles of users can be created from the processed data.
- We use Google Analytics only with activated IP anonymisation. This means that the IP address of users is truncated by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only by way of exception is the full IP address transmitted to a Google server in the US and truncated there.
- Google does not combine the IP address transmitted from the browser of the user with other data. Users can prevent the storage of cookies by entering a corresponding setting in their browser software. In addition, users can prevent the collection in Google of data generated by the cookie and related to their use of the website as well as the use of this data by Google by downloading and installing the browser plugin available in the following link: tools.google.com/dlpage/gaoptout.
- You can find more information about data utilisation by Google, settings and opt-out possibilities on the websites of Google: www.google.com/intl/de/policies/privacy/partners ("data utilisation by Google during your use of websites or apps of our partners"), www.google.com/policies/technologies/ads ("data utilisation for advertising purposes"), www.google.de/settings/ads ("managing information that Google uses to show you ads").
- Involvement of third-party services and content
- On the basis of our legitimate interests (that is, interest in the analysis, optimisation and economic operation of our website in the context of art. 6 para. 1f GDPR), we use within our website the content or service offerings of third-party providers in order to integrate their content and services such as videos or fonts (hereinafter jointly referred to as "content"). It is always assumed in this instance that the third-party providers of this content are aware of the IP address of users since they could not send the content to their browser without the IP address. The IP address is necessary for this content to be displayed. We endeavour to use only such content whose respective provider uses the IP address only for the delivery of the content. Third-party providers can also use so-called pixel tags (invisible graphics, also called "web beacons") for statistical or marketing purposes. Information such as visitor traffic on pages of this website can be analysed using pixel tags. In addition, anonymous information can be stored in cookies on the device of users and contain, among others, technical information about the browser and operating system, referring websites, visiting time as well as other information about the use of our website, and can be associated with such information from other sources.
- The following diagram shows an overview of third-party providers as well as their content, together with links to their data privacy statements which contain additional information about data processing and the already aforementioned possibilities of appeal (so-called opt-out):
- External fonts of Google, Inc., www.google.com/fonts ("Google Fonts"). Google fonts are integrated by a server call at Google (usually in the US). Data privacy statement: www.google.com/policies/privacy/, Opt-Out: www.google.com/settings/ads/.
- YouTube videos of the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data privacy statement: www.google.com/policies/privacy/, Opt-Out: www.google.com/settings/ads/.
- External code of the JavaScript framework "jQuery", provided by the third party-provider jQuery Foundation, jquery.org.
- Rights of users
- Users have the right to receive, upon request and free of charge, information about the personal data that we have stored about them.
- In addition, users have the right to have inaccurate data corrected, processing restricted and their personal data deleted, when appropriate, to enforce their rights to data portability and, in case of assumption of unlawful data processing, to file a complaint with the competent regulatory authority.
- Users can likewise revoke consent, basically with effect for the future.
- Deletion of data
- Data that we store is deleted as soon as it is no longer needed for its intended use and the deletion is not in breach of any statutory retention requirements. If data of users is not deleted because it is needed for other legally permissible purposes, the processing of such data is restricted. This means the data is blocked and is not processed for other purposes. The shall apply, for example, to data of users which must be kept for commercial or tax-related reasons.
- Pursuant to statutory requirements, data is safeguarded for 6 years according to section 257 para. 1 of the German Commercial Code (HGB) (account books, inventories, opening balance sheets, financial statements, business letters, accounting records, etc.) as well as for 10 years pursuant to section 147 para. 1 of the German Tax Code (books, notes, position reports, accounting records, commercial and business correspondence, taxation-relevant documents, etc.).
- Right to object
Users can object to the future processing of their personal data at any time pursuant to statutory requirements. In particular, the objection can be against processing for purposes of direct advertising. - Amendments to the data privacy statement
- We reserve the right to amend the data privacy statement to adapt it to a changed legal situation or in case of changes in service and data processing. However, this shall only apply to statements about data processing. If user consent is necessary or parts of the data privacy statement contain regulations pertaining to the contractual relationship with users, the changes are only made with the approval of users.
- Users are requested to read the contents of the data privacy statement on a regular basis.