Data protection

Data protection principles

You can rely on us to protect and safeguard your personal data. Protecting your privacy in the processing of personal data is a matter of importance to us. The following data protection principles provide you with an overview of the processing of your data and your rights under data protection laws when using the Group’s services and products.

1. Who is responsible for the data processing and who can we turn to?

The following are responsible:

Imprint

Stiebel-Getriebebau GmbH & Co.KG
Industriestraße 12, D-51545 Waldbröl
E-mail: info@stiebel.de

Stiebel Ing. Service GmbH & Co.KG
Friedrich-Engels-Straße 22, D-51545 Waldbröl
E-mail: info@stiebel.de

If you have any questions about data protection, please contact us at:

E-mail: datenschutz@stiebel.de

2. What sources and data are used?

We process personal data which we obtain in your use of the website, the use of our portals, subscription to newsletters and in our business relationship from our customers, business partners and visitors to our Website.
Personal data processed by us is in particular personal details (e.g. name, address, telecommunications data, date and place of birth, marital status), identification data (e.g. ID card, login data), contract data, advertising and sales data, documentation data, register data and similar data.

3. For what purposes do we process your data and on what legal Basis?

We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR), the German Data Protection Act (BDSG) and other applicable legal regulations.

You can use virtually our entire website without us requiring any personal data from you. However, the offers and services stated below and which you can find on our website do require the disclosure of personal data in order to be used.

3.1 General communication, use of the portals and newsletters – for the performance of contractual obligations and on the basis of your consent:

• General communication, in particular via the contact form
• Processing of other enquiries
• Use of our portals
• Newsletter

The processing of your personal data in this connection is generally required so that we can conclude and execute a contract with you or can enter into a pre-contract relationship with you. You are not required by law to provide your personal data, but without this data we cannot execute the respective contract with you. The legal basis for the processing is provided by Art. 6 Para. 1 Subpara. 1 Letter f GDPR. This provision allows the processing of personal data if the processing is necessary for the performance of a contact to which the data subject is party or in order to take steps prior to entering into a contract.

If you have given us consent to process personal data for specific purposes (e.g. delivery of newsletter), this consent provides the legal basis for the data processing (Art. 6 Para. 1 Subpara. 1 Letter a GDPR). Any consent given can be withdrawn at any time. This also applies for the withdrawal of declarations of consent which were made to us before the GDPR entered into force, i.e. before the 25 May 2018. The withdrawal of consent will not affect the lawfulness of the data processing which took place before the withdrawal.

3.2 Analysis of the user behaviour and direct marketing – to protect legitimate interests:

• Examination and optimisation of needs-analysis processes for the purpose of addressing customers directly
• Advertising or market and opinion research, unless you have objected to the use of your data
• Measures for the management of the business and further development of services and products

The legal basis for the processing of your personal data in this connection is provided by Art. 6 Para. 1 Subpara. 1 Letter f GDPR, if we have not obtained consent in a given case. According to this, the processing of personal data is allowed if this is necessary to protect legitimate interests, unless these are overridden by the interests or specific rights of the data subject in not processing the personal data. We have a legitimate interest in focusing our offers on customer behaviour and optimising these offers. We are of the opinion that these interests are overriding, because as an international company we have to control and optimise our offers and products in order to meet the demands placed on us. Focusing on our customers allows us to offer and optimise services and products that meet the needs and interests of our customers. We protect the data concerned and therefore do not see any overriding disadvantages for you.

Anonymised data is captured and processed further on this website using the analysis tool surfersIdent for optimisation and analysis of our website on a continuous basis. Pseudonyms are generated with this for the purposes of creating anonymous user profiles. The data is not under any circumstances used for the purposes of identifying a visitor personally (provided that this is technically possible in the first place) or connected with the data on the bearer of a pseudonym. If you do not consent to this service then please click on the link below in order to object to any use of your visitor data and to stop website tracking completely: [Link]

This website uses Google Analytics, a web analysis service provided by Google Inc. ("Google"). Google Analytics uses cookies, i.e. text files which are stored on your computer and which enable analysis of your use of the website. The information produced through cookies on your use of this website (including your IP address) is transmitted to a Google server in the USA, where it is stored. Google will use this information for the purposes of evaluating your use of the website, collating reports on website activities for the website operators and providing further services associated with use of the website and of the Internet. Google will also transmit this information if necessary to third parties, provided that this is required by law or provided that these third parties process this data on behalf of Google. Goggle will not under any circumstances allow your IP address to be associated with other Google data.

 

You may prevent cookies from being installed by using the corresponding setting for your browser software; however, we must advise you in this case that you may not be able to use all of the functions on this website to their full extent. By using this website you consent to the processing of the data captured on you by Google in the manner described above and for the aforementioned purpose. You can opt out of the collection and storage of data at any time with effect for the future. [Link]

In view of the discussion on the use of analysis tools with complete IP addresses we would like to point out that this website uses Google Analytics with the extension "_anonymizeIp()", and therefore only truncated IP addresses are processed so that no direct link to the individual is possible.

3.3 Risk management and compliance – to protect legitimate interests:

• Assertion of legal claims and defence in legal disputes
• Prevention and investigation of criminal offences
• Ensure IT security and the IT operation
• Risk control in the Group

The legal basis for the processing of your personal data in this connection is provided by Art. 6 Para. 1 Subpara. 1 Letter f GDPR. Our legitimate interest lies in complying with the applicable legal regulations, maintaining the security of our IT systems and, in the event of breaches of legal requirements or security regulations, reacting appropriately to such circumstances, for instance in the form of asserting legal claims. We are of the opinion that these interests are overriding because we, as a company, are subject to a significant number of regulatory requirements and have a responsibility towards our customers to ensure that the relevant requirements and security regulations are complied with. We protect the data concerned and therefore do not see any overriding disadvantages for you.

3.4 Cookies

Data is collected on this website in anonymised form for the continual optimisation and for the analysis of our website. Under no circumstances is the data used for the purposes of identifying a visitor personally (provided that this is technically possible in the first place) or connected with the data on the bearer of a pseudonym.
Your browser also stores cookies. These are files which are intended to make surfing on the Internet more user-friendly. You can stop cookies from being stored by using the appropriate browser settings.

3.5 Use of Web Fonts

We use external fonts on our website: so-called Google Web Fonts. Google Fonts is a service of Google Inc ("Google"). The integration of these Web Fonts is achieved by server call, usually of a Google server in the USA. In this way, information on which of our websites has been visited by you is transmitted to the server. The IP address of the browser of the terminal device of the websites’ visitor is also stored by Google. For further information, please refer to Google’s privacy policy available here:

www.google.com/fonts#AboutPlace:about

www.google.com/policies/privacy

4. Who receives your data?

Within the Group, those positions which need access to your data in order to meet our contractual and legal obligations are given access to this data. Service providers and vicarious agents employed by us can also receive data for these purposes, if they respect data privacy. With regard to the disclosure of data, we are under obligation to maintain confidentiality concerning all customer-related facts and assessments which we become aware of.

We only disclose information about you to third parties if statutory regulations require this, you have given your consent or we are entitled to disclose the information for other reasons. Under these conditions, the following can receive personal data:

• Public bodies and committees, German federal and state ministries, tax authorities and administrative bodies if there is a legal or regulatory obligation.
• Service providers who process data on our behalf (e.g. computer centres).

Other bodies can also receive data if you have given us your consent to transfer data to them or if you have given us permission to disclose your data in an agreement or declaration of consent.
If you require further information on individual recipients, please contact us.

5. How long is your data stored?

The length of time that your data is stored depends on the respective purpose of the processing. It is not possible to list the various retention periods here in a reasonable format. The criteria for determining the respective retention periods in a specific individual case are as follows:

• If we process data solely for the purpose of the execution of a contractual relationship, we store the data for the duration of the contract relationship.
• If we process data in connection with anticipated legal disputes, we store the data until the final conclusion of the court proceedings or until the claims in question expire under the relevant civil law regulations. The normal limitation period is three years.
• We are also subject to various retention and documentation obligations under the German Commercial Code (HGB), the Tax Code (AO) and the Money Laundering Act (GwG). The retention and documentation periods specified by these are two to ten years.
• If you use the online version of the electronic form book, the data entered will only be held for the time you use the applications on our server in the main memory after the start of the session for currently one hour. Data is not stored on either a temporary or permanent basis.

6. What data protection rights do you have?

Provided that the legal conditions are met, you have the following rights pursuant to Art. 15 to 22 GDPR:

• Right to information pursuant to Art. 15 GDPR, i.e. the right to receive from us confirmation whether personal data relating to you is stored, and, if this is the case, information about this data and other information;
• Right to correction pursuant to Art. 16 GDPR, if personal data relating to you is incorrect;
• Right to deletion pursuant to Art. 17 GDPR, for instance, if the personal data is no longer required for the purposes for which it was processed;
• Right to restriction of processing pursuant to Art. 18 GDPR

For the right to information and the right to deletion, the restrictions apply pursuant to §§ 34 and 35 GDPR.

You also have the right to complain to a data protection supervisory authority (Art. 77 GDPR).

Right to withdraw your consent

You can withdraw any consent given to data processing at any time. However, this will not affect the lawfulness of the data processing which took place before the withdrawal. If you withdraw your consent or if you effectively object to further processing on the basis of your consent, we will no longer process the data for these purposes.

Information about your right to object

If we process personal data for direct marketing purposes, you can object at any time to the processing without stating reasons.
The objection can be made in any form. Please send your objection to:

• By post:
Stiebel-Getriebebau GmbH & Co.KG, Industriestraße 12, D-51545 Waldbröl

or to

Stiebel Ing. Service GmbH & Co.KG, Friedrich-Engels-Straße 22, D-51545 Waldbröl

• By e-mail:
info@stiebel.de

Right to object on grounds relating to a particular situation pursuant to Art. 21 of the General Data Protection Regulation (GDPR)

You have the right to object at any time to processing of your personal data which is based on a balancing of interests (Art. 6 Para. 1 Subpara. 1 Letter f GDPR) on grounds relating to your particular situation which argue against this data processing. This also applies for automated individual decision-making (Art. 22 GDPR). If you object, we will no longer process your personal data for these purposes, unless we can provide proof of compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercising or defence of legal rights.

Right to object pursuant to § 15 of the German Telemedia Act

Pursuant to § 15 of the German Telemedia Act (Telemediengesetz), website visitors can object to the anonymised storage of their visitor data so that it is no longer collected in future.