PERSONAL DATA PRIVACY POLICY

Updated April 2, 2024

 

1. Overview of personal data protection

We take the protection of your personal data very seriously and we process it in accordance with applicable statutory provisions.

Our privacy policy may be amended, supplemented or updated at any time, in particular to comply with legal, regulatory or technical developments. As such, your personal data will be processed in accordance with the privacy policy in force at the time of collection.

The following notes provide a clear overview of how we process your personal data when you visit our website (the “Website”).

What is personal data?

Personal data is any data that allows you to be personally identified, whether directly or indirectly. Further details on data protection may be found in our privacy policy (the “Policy”) set out below.

2. Data collection on our Website

Who is responsible for processing data on the Website?

Data processing on this Website is carried out by STAPPERT DEUTSCHLAND as the data controller, whose registered office is located at Willstätter Str. 13, 40549 Düsseldorf (Germany), registered in Commercial Register B of the Düsseldorf District Court under company number HRB 20 (hereinafter “STAPPERT”). STAPPERT may also be referred to as the “Company Concerned”.

How do we collect your data?

Firstly, your personal data is collected when you communicate it to us. This may be data you enter in a contact form, for example.

Secondly, data, including personal data, is automatically collected by our computer systems when you visit our Website. This is mainly technical data (e.g. traffic measurements, web browser, operating system or page view time).

What is your personal data used for?

Purpose

Legal basis

User account management

Contract performance or pre-contractual measures

Analysis of your needs

Contract performance or pre-contractual measures

Online chat and online contact form

Contract performance or pre-contractual measures

Management of quote requests and orders, delivery management and customer service

Contract performance

Invoicing

 

Contract performance

Customer and complaint management

Legitimate interest of data controller

Dispatch of newsletters

Consent

Direct marketing (by email and SMS) or promotional emailing

Consent (or legitimate interest in the case of active customers)

Customer satisfaction surveys

Legitimate interest of data controller

Dispatch of press releases and inclusion on mailing lists

Consent

Monitoring of the quality and continuous improvement of our products and services, including through the use of advanced data analytics technologies

Consent

Monitoring of our activities (reporting)

Legitimate interest of data controller

Response to any requests to exercise your personal data rights (see “Your rights” section below)

Compliance with a legal obligation of the data controller

Audit of STAPPERT in the event of a prospective asset disposal or purchase, merger, etc.

Legitimate interest of data controller

Strictly necessary cookies

Legitimate interest of data controller

Third-party cookies, analytics cookies, functional cookies, marketing cookies

Consent (see below)

 

3. Categories of data collected

Account creation, quote request, chat and request for information

We process the following categories of data: full name, email address, telephone number, company number, postal address, company JAC number, position, customer need, financial data.

 

Customer log files

We process the following categories of data: browser type and version, operating system, IP address, data regarding your visit to our Website (e.g. referring URL, sequence of clicks to, on and from our Website (including date and time), host name of accessing computer, date and time of server query, products/services viewed or searched, page response times, time on page).

4. Obligation to provide data

You only need to provide the data that is required for the business relationship with us or that we are legally obliged to collect. Without this data, we will not be able to enter into a business relationship with you or provide our services. Personal data that we necessarily require for the aforementioned purposes is marked as such.

 

5. Your rights

What are your rights with regard to your data?

At any time, you may exercise your right of access, rectification, erasure or portability in respect of the personal data we process, as well as, in certain circumstances, your right to restrict or object to processing under the conditions below, as well as the right to withdraw your consent where applicable.

You have the right to object at any time to direct marketing and profiling to the extent that it is related to such direct marketing and where we were not required to obtain your consent.

Furthermore, you have the right to define what happens to your personal data after your death.

You also have the right to file a complaint with the competent supervisory authority. In Germany, this authority is

„Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen“

Kavalleriestr. 2-4

40213 Düsseldorf

Telephone: 0211/38424-0

Fax: 0211/38424-999

E-Mail: poststelle@ldi.nrw.de.

 

You may contact us at any time to exercise your rights by writing to our data protection officer, whose contact details are set out below in clause 8 of the Policy.

Withdrawal of your consent for certain processing of personal data

For processing that requires your consent, we will seek your consent. You may withdraw your consent at any time. For this purpose, you may contact our data protection officer, whose contact details are set out in clause 8 below. The legality of the data processing carried out until consent is withdrawn shall not be affected by such withdrawal. Withdrawal of consent does not call into question the legitimacy of the processing carried out prior to withdrawal.

Right to object to direct marketing

If your personal data is processed for the purpose of direct marketing, you may object to such processing at any time; this also applies to profiling to the extent that it is related to such direct marketing. If you object, your personal data will no longer be used for direct marketing purposes.

Right of appeal to the competent supervisory authority

You have the right to refer the matter to a competent supervisory authority, in particular in the Member State of your usual residence, place of work or location of the alleged infringement. In Germany, this authority is „Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen“. For the authority’s contact details please see above.  

Right to data portability

You have the right, under certain circumstances, to request that the personal data we process automatically on the basis of your consent or in performance of a contract be transmitted to you or to a third party in a structured, commonly used and machine-readable format.

Access, blocking, erasure and rectification

In accordance with applicable statutory provisions, you have the right at any time to access your personal data and, where applicable, to rectify, block or erase such personal data.

Right to restriction of processing

You have the right to request the restriction of processing of your personal data while we respond to your request to exercise your rights.

Mandatory collection of some personal data

The information required to contact us or to subscribe to our newsletter is mandatory information, as specified in the relevant section of the Website (e.g. an online form). Without such mandatory information, we cannot allow you to use the corresponding features, or it will take longer to process your request.

6. Recipients of personal data

Your personal data will be processed within our company. Depending on the type of personal data, only certain departments/organizational entities have access to your personal data. These include specialized departments involved in the provision of our digital services, the corresponding business processes and our IT department.

We may also transfer your personal data to third parties outside our company to the extent permitted by law. These external recipients may include, but are not limited to:

  • affiliated companies to which we transmit personal data for internal administrative purposes;
  • commercial partners/service providers hired by us to provide services, which may require the processing of personal data (e.g. IT companies, software service providers, legal advisors, audit firms); and public and private bodies (e.g. the police, judicial authorities, tax authorities, social security departments and services), to the extent that we are legally required to transmit your personal data.

7. Data transfers to third countries

In general, we process your personal data within the European Union (EU) / the European Economic Area (EEA). As part of the use of certain listed tools, your personal data will also be transferred to a third country in compliance with the requirements of Art. 44 et seq. GDPR and appropriate safeguards, e.g. through the conclusion of data protection contracts adopted by the European Commission (e.g. standard data protection clauses) with the recipients, or through other measures provided for by law. A copy of the documentation of the measures taken by us is available on request.

8. Personal data storage period

We store your personal data for as long as it is necessary to fulfill the purposes referred to above, including for the applicable statutory limitation period. After these periods, we will delete your personal data.

Once the purposes have been achieved, personal data is archived. Thereafter, access is restricted such that the personal data is not accessible in an active database.

Purpose of processing

Period of storage in operational database

Archiving

Management of quote requests for products and services, including responses to customer diagnosis, delivery management and customer service

5 years from the last activity

5-10 years

Customer satisfaction survey

Duration of survey and processing

Statutory limitation period

Dispatch of press releases and inclusion on mailing lists

Until removal from mailing list

Statutory limitation period

Dispatch of newsletters

Until you unsubscribe from the newsletter

Statutory limitation period

Invoicing

7 years

Statutory limitation period

Customer and complaint management

Duration of the contractual relationship

Statutory limitation period

Use of user account

5 years from the last activity

5-10 years

Monitoring of the quality and continuous improvement of our products and services, including through the use of advanced data analytics technologies

Duration of the contractual relationship

Statutory limitation period

Monitoring of our activities (reporting)

Duration of the contractual relationship

Statutory limitation period

Response to any requests to exercise your personal data rights (see “Your rights” section below)

Management of request

Statutory limitation period

Audit of STAPPERT in the event of a prospective asset disposal or purchase, merger, etc.

Project completion

Statutory limitation period

Direct marketing (by email and SMS)

3 years from the last activity

n/a

Cookies/targeted advertising/advertisement profiling

Max. 13 months from placement of advertising cookies

n/a

 

9. Security

Risk of security breaches

We draw your attention to the fact that data transmission over the Internet (e.g. communication by email) may be exposed to security breaches. Data cannot be fully protected against third-party intrusion. STAPPERT implements state-of-the-art security measures within the framework of a duty of care.

SSL or TLS encryption

This Website uses SSL or TLS encryption for security purposes and to protect the transmission of confidential content, such as orders or requests that you send us in our capacity as the operator of the Website. You can recognize an encrypted connection by the fact that the browser address bar changes from “http://” to “https://” and by the padlock symbol in your browser address bar.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

10. Contact

You may send any query regarding the processing of your personal data to our data protection officer, whose contact details are:

 

Dr. Michael Foth

IBS data protection services and consulting GmbH

Zirkusweg 1

20359 Hamburg

T +49 40 540909797

 

mfoth@ibs-data-protection.de

 

11. Profiling

We process personal data for the creation of customer profiles for the purpose of optimizing marketing campaigns, offers and services. We do not use procedures for automated decision-making / profiling that have a legal effect on you or significantly affect you in a similar way.

 

12. Cookies

Placement of cookies

Our Website sometimes uses cookies. Cookies do not damage your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, efficient and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your device until you delete them or until they expire. These cookies allow us to recognize your browser on your next visit.

Opting out of cookies

You may refuse the use of cookies by selecting the appropriate settings on your browser, but please note that if you do so, you may not be able to use all the features of the Website.

You can set your browser to inform you about the cookie settings and to allow cookies only in individual cases, to accept cookies in certain cases or to exclude them generally and to enable automatic deletion of cookies when you close your browser. If cookies are disabled, the functionality of this Website may be limited. Options for managing cookies are described in your browser’s help menu:

Internet Explorer™: https://support.microsoft.com/en-us/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d

Safari™: https://support.apple.com/guide/safari/manage-cookies-sfri11471/17.0/mac/14.0

Chrome™: https://support.google.com/chrome/answer/95647?hl=en&hlrm=de&sjid=2505656278083837245-EU

Firefox™: https://support.mozilla.org/en-US/products/firefox/protect-your-privacy/cookies

Server log files

The provider of the pages automatically collects and archives information in server log files that your browser automatically transmits to us.

Withdrawing your consent regarding the use of third-party cookies for analytical, functional and marketing purposes

We also use cookies to analyze your browsing behavior and third-party cookies. The related processing is only done, and cookies are only dropped subject to your prior consent. You can withdraw your consent at any time with effect for the future.

In the following chart you can see which cookies we use for which purpose and how long we store them:

Cookies

Purpose

Storage period

    1. Essential cookies

__cfduid

Identification of reliable web traffic

1 year

NSC_#

Web traffic distribution to optimize response time

1 day

PHPSESSID

Retention of user settings

Duration of the session

TawkWindowName

Website dialog box functionality

Duration of the session

Hl

Identification of Website locale

1 year

    1. Preferences

SS

Website dialog box functionality

Duration of the session

    1. Statistics

_ga

Recording of a unique identifier to generate statistical data on Website use

2 years

_gat

Google Analytics cookie to reduce the query rate

1 day

_gid

Recording of a unique identifier to generate statistical data on Website visit

1 day

_hjid

Unique session identifier for statistical purposes

1 year

collect

Sending data to Google Analytics about the visitor’s device and behavior. Tracking the visitor across devices and marketing channels

Duration of the session

TawkConnectionTime

Visitor recognition to optimize the operation of the dialog box

Duration of the session

tawkUUID

Analysis of the interaction between the user and the Website chat

6 months

    1. Marketing

_hjIncludedInSample

Determination of whether to include visitor browsing experience in the data sampling

Duration of the session

r/collect

Sending data to Google Analytics about the visitor’s device and behavior. Tracking the visitor across other devices and marketing channels

Duration of the session

 

13. Plugins and tools

YouTube

Our Website uses plugins from the YouTube service. The pages are operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

In addition, YouTube may store various cookies on your device.

If you are logged into your YouTube account, you can allow YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.

You can find more information about the processing of user data in the YouTube Policy at: https://policies.google.com/privacy?hl=en.

Google Analytics

We use Google Analytics to analyze the website usage. The data obtained from this is used to optimize our website and advertising measures. Google Analytics is provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Data such as the pages viewed, orders including sales and products ordered, your behavior on the pages (e.g. length of stay, clicks, scrolling behavior) or your approximate location (country and city) is processed. It is possible that this data is transferred to Google servers in the USA. For more information on respective safeguards please see above 7.

For more information on the management of user data in Google Analytics please see https://support.google.com/analytics/answer/6004245?hl=en and https://policies.google.com/privacy?hl=en.

 

Google Maps

Our Website uses the Google Maps mapping service via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. We do not have any influence on this data transfer.

For more information on how we process user data, please see the Google privacy policy: https://policies.google.com/privacy?hl=en.

Google reCAPTCHA

We use “Google ReCAPTCHA” (hereinafter “ReCAPTCHA”) on our Website. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

The purpose of reCAPTCHA is to check whether the data entered on our Website (e.g. in a contact form) is inputted by a person or by an automated program. For this purpose, reCAPTCHA analyzes the user’s behavior on the basis of various characteristics. This analysis starts automatically as soon as the visitor enters the Website. As part of the analysis, reCAPTCHA evaluates various pieces of information (e.g. IP address, length of stay on the Website or the user’s mouse movements). The data collected during the analysis is transmitted to Google.

You can find more information about Google reCAPTCHA and Google’s privacy policy at the following links:

https://policies.google.com/privacy?hl=en and

https://www.google.com/recaptcha/intro/android.html.