PRIVACY POLICY
1 Privacy Policy
The protection of your personal data and the preservation of your privacy is important to us. We promise to handle your data sensitively and carefully and to ensure a high level of data security. Consequently, we consider it a matter of course to comply with the legal provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the German Telemedia Act (TMG) and any other applicable data protection regulations.
This privacy policy sets out the key aspects of data processing within the context of our website.
2 Contacts
2.1 Name and address of the controller
The controller, as defined in data protection legislation, is as follows:
STOBAG AG
Pilatusring 1
5630 Muri
Schweiz
Tel.: + 41 (0)56 675 42 00
E-Mail: stobag.datenschutz@infosec.ch
Webseite: www.stobag.com
Please address any inquiries in connection with data protection only to this address. This will make it easier for us to process them.
2.2 Contact details of the data protection consultant
Our data protection consultant is:
Swiss Infosec AG
Centralstrasse 8A
6210 Sursee
Switzerland
E-Mail: stobag.datenschutz@infosec.ch
2.3 Name and address of representative in the EU
The EU representative of the controller is as follows:
STOBAG Alufinish GmbH
Bahnhofstrasse 12-14
79793 Wutöschingen-Horheim
Germany
Phone: +49 (7746) 885 0
E-Mail: info@stobag-alufinish.de
Website: www.stobag-alufinish.de
3 Scope and purpose of the collection, processing and use of personal data
The GDPR defines personal data as “any information relating to an identified or identifiable natural person”. We collect, process and use your personal data for the following purposes:
3.1 Visiting the website
When you access the STOBAG website, our servers automatically store the following data
temporarily in a log file, the so-called server log files.
This includes, for example, your IP address, the date and time of your visit, the name of the file accessed, the amount of data transferred, the web browser and operating system used and other similar information used for security purposes in the event of attacks on our IT systems.
This data is processed for the purpose of enabling the use of our websites (establishing a connection), ensuring long-term system security and stability, optimizing our services and for internal statistical purposes. These purposes also constitute our legitimate interest in the temporary storage of your personal data and log files.
This data will not be stored together with other personal data. The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. When collecting your personal data for the purpose of displaying the website, this is the case when the relevant browsing session comes to an end.
3.2 Contact
On our website you have the option to contact us via a contact form and/or by e-mail. In this case, the information you provide will be processed for the purpose of handling your request.
When you contact us via the contact form, we collect various data. The specific data we collect can be seen on the respective contact form. Some of the data to be provided is mandatory so that we can process your request.
The voluntary provision of further data makes it easier for us to process your inquiry and enables us to provide you with more detailed information.
The personal data you provide will not be merged with other data.
The basis for the processing of your personal data is our legitimate interest in processing your request. If the purpose of the contact is to fulfill a contract to which you are a party or to carry out pre-contractual measures, this is an additional basis for the processing of your personal data.
You can object to this data processing at any time. Please send your objection to the following e-mail address: stobag.datenschutz@infosec.ch and we will follow up with your request. In such cases, your request will not be processed further.
Your personal data will be deleted as soon as it is no longer required for the purpose for which it was collected. As regards the personal data from the input screen of the contact form and personal data sent by e-mail, this is the case when the respective conversation with you has ended. The conversation ends when it is clear from the circumstances that the matter in question has been resolved or when a conversation is discontinued due to your objection.
3.3 Marketing purposes
We also use your personal data on the basis of our legitimate interest for the following purposes:
- To maintain a customer relationship with you
- To continuously improve your shopping experience and make it customer-friendly and personalized
- To contact you about your orders
- To keep you up to date regarding specific products and promotions
- To recommend products or services that may interest you
If you do not want this, you can object at any time to the processing of your personal data for the purpose of direct marketing. If you object, we will no longer process your personal data
for this purpose. Please send your objection to the following e-mail address: stobag.datenschutz@infosec.ch.
3.4 Market research
We do not use the data collected within the scope of market and opinion research for advertising purposes. You will find detailed relevant information (especially on the processing of your data) in the respective survey or wherever you provide your data. Your answers to surveys are not passed on to third parties or published.
Your consent is the basis for the processing of your personal data.
3.5 Fulfillment of contractual obligations
For the purpose of fulfilling our contractual and pre-contractual obligations, we process inventory data (e.g. names and addresses as well as contact data) and contract data (e.g. services used, names of contact persons, payment information). In order to provide our services, we also process personal data of the contact persons of our customers, service providers and suppliers outside of our website. We use the contact data we collect primarily to
prepare, conclude and execute contracts with our customers, service providers and suppliers, in particular for the manufacture, delivery, repair and return of the products we offer.
The basis for the processing of your personal data is the fulfillment of a contract to which you are party or the implementation of pre-contractual measures.
If we store your personal data on the basis of a contractual relationship, this data will be stored at least as long as the contractual relationship exists and at most as long as the limitation periods for possible claims from us are active or statutory or while contractual retention obligations are in effect.
3.6 Job applications
If you apply for a job in our company, we need your details to process your application. The purpose of this procedure is the targeted recruitment of qualified personnel.
Your application data will only be stored, evaluated, processed or forwarded internally as part of your application. Processing is mainly carried out electronically.
The basis for the processing of your personal data is the fulfillment of a contract to which you are a party or the implementation of pre-contractual measures.
Details on data processing for job applications can be found in the separate data protection declaration at the end of the application form.
4 Registration on the dealer portal
Customers have the option to register on our dealer portal. Within the portal, it is possible to set up additional user accounts. The input screen is used to request your contact details, which are sent to the respective specialist dealer. This includes mandatory information such as your name, your e-mail address and your postal address as well as optional information such as your company, your telephone number and a message.
The data entered during registration is transmitted to us and stored by us.
The portal contains up-to-date information on sales promotions, product news, advertising and other topics relating to STOBAG AG. It is used by dealers to order products and individual materials and to submit service reports.
The basis for the processing of personal data is our legitimate interest in the operation of the portal and optimization of our website. If the use of the portal is for the fulfillment of a contract, or the implementation of pre-contractual measures, this is an additional basis for the processing of personal data.
The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. This is the case for the data collected during the registration process when the
registration on our website is canceled or modified.
The customer has the option to cancel or alter the registration at any time. Furthermore, you can modify or delete your personal data at any time. Please send your objection to the following e-mail address: stobag.datenschutz@infosec.ch.
5 Sharing of personal data
We treat your personal data as confidential and only share it with others if you have expressly agreed to this, if we are obliged to do so by law or if this is necessary to exercise our rights, e.g. to assert claims arising from a contractual relationship. In addition, we will share your personal data with third parties if this is necessary for the use of the website or for any provision of the services requested by you or if a contract processing relationship exists. The use of the data shared for this purpose by third parties is strictly limited to the stated purposes.
We also share your personal data to third-party companies (e.g. commissioned service providers or sub-sidiaries) abroad, insofar as this is necessary for the data processing described in this privacy policy. Statutory regulations relating to the sharing of personal data with third parties are observed as a matter of course.
Where we use processors to provide our services, we take appropriate legal precautions as well as appropriate technical and organizational measures to ensure the protection of your personal data in accordance with the relevant legal provisions.
If we transfer data to a country where there is no adequate legal data protection level, we require that the recipient takes appropriate measures to protect personal data (e.g., through the agreement of so-called EU Standard Contractual Clauses, the current version of which can be accessed here, or other safeguards based on justifications).
6 Storage duration
We process and store your personal data only as long as it is necessary for the fulfillment of our con-tractual and legal obligations or otherwise for the purposes pursued with the processing, and beyond that in accordance with statutory retention periods. As soon as your personal data is no longer required for the aforementioned purposes or a prescribed retention period expires, your personal data will be de-leted or anonymized as a matter of course and to the farthest extent possible.
In addition, we will delete your personal data if you request us to do so via stobag.datenschutz@infosec.ch and we have no legal or contractual obligation to retain or otherwise secure this data.
7 Cookies
We use cookies on our website on the basis of our legitimate interests. These are small text files that are stored on your device by your browser. When you visit a website, a cookie may be stored on your operating system. This cookie contains a string of characters that enables the browser to be uniquely identified when the website is accessed again.
The use of cookies allows us to tailor our website and our offers to your interests. Cookies enable us to recognize visitors. The purpose of this recognition is to make it easier for you to use our website.
Most of the cookies we use are session cookies. These are automatically deleted when you log out or close the browser. Other cookies persist beyond the end of the session and enable us or our partner companies (third-party cookies) to recognize your browser the next time you visit us.
Insofar as other cookies (e. g. cookies to analyze your browsing behavior) are stored, these are treated separately in this privacy policy.
You can prevent the storage of cookies by selecting the appropriate settings in your browser software. You can also object to the use of cookies for measuring reach and advertising purposes via the deactivation page of the Network Advertising Initiative and also on the US website YourAdChoices or the European website Your Online Choices. However, we would like to point out that in this case you may not be able to use all the functions of our websites to their full extent.
You can find more detailed information about the cookies we use and how you can revoke any consent you may have given in this context in our cookie settings.
8 Google Services
Our website uses features of the following web analytics services provided by Google LLC, based in the USA, or if you have your habitual residence in the European Economic Area (EEA) or Switzerland, Google Ireland Limited, based in Ireland ("Google"). Google LLC is always responsible for the processing of personal data when using "Google Maps". We use the Google services listed below on our website.
Further information on the individual specific Google services that we use on our websites can be found below.
Google uses technologies such as cookies, web storage in the browser and tracking pixels that enable your use of our website to be analyzed. The information thus generated about your use of our website may be transmitted to a Google server in the USA or other countries and stored there. Information about the locations of Google's data centers can be found here.
We use tools provided by Google which, according to Google, may process personal data in countries where Google or Google's subcontractors maintain facilities. In its "Data Processing Addendum for Products where Google is a Data Processor", Google promises to ensure an adequate level of data protection by relying on the EU standard contractual clauses. Even if this does not provide a conclusive guarantee of compliance with Swiss or European data protection law, Google is also still certified under the Swiss-U.S. and EU-.US. Privacy Shield agreements.
Further information on processing by Google and privacy settings can be found in Google's privacy policy and privacy settings.
8.1 Google Ads
Based on our legitimate interests we use the online advertising program "Google Ads", a service of Google, which is part of Google marketing services.
Google Ads saves a cookie on your device (known as a “conversion cookie”) if you have reached our website via a Google ad. These cookies lose their validity after 30 days, do not contain any personal data and therefore cannot be used for personal identification. If you visit certain pages on our website and the cookie has not expired, we and Google are notified that you have clicked on the ad and have been directed to that page. Each Google Ads customer receives a different cookie. Thus, there is no possibility of cookies being be tracked via the websites of Ads customers. The information collected using the conversion cookie is used to generate conversion statistics for Ads customers who have opted in to conversion tracking. We do not receive any information with which you can be personally identified.
Based on the information collected, your browser is assigned categories relevant to your interests. These categories are used to display interest-based advertising.
We use the data about you acquired with the above-mentioned cookie (so-called conversion tracking) for the following purposes:
- Remarketing
- Targeting specific audiences with common interests
- Targeting user-defined audiences with common interests
- Targeting users that are willing to buy
- Similar audiences
- Demographic and geographical focus
By using Google Ads, we reach users who have already visited our website. This allows us to present our advertising to target groups who are already interested in our products or services.
You also have the option to object to interest-based advertising by Google. To do this, go to http://www.google.com/settings/ads in each of the internet browsers you use and configure the desired settings there.
For more information on the terms of use and data protection in the context of Google AdWords, please follow this link: https://policies.google.com/technologies/ads?hl=en.
8.2 Google Maps
We use the online map service "Google Maps" on the basis of your consent.
By using Google Maps, information about your use of our websites (including your IP address) may be transmitted and stored. Google may store this data as usage profiles for the purposes of customizing services, advertising and market research. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish this to happen, you must log out beforehand.
We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by Google. You can prevent the use of Google Maps by deactivating Javascript in your browser settings. However, this may result in functional restrictions when using our website in individual cases.
For further details on the processing of data by Google Maps, and your rights and settings options for the protection of your privacy, please refer to Google’s terms of use and data protection notices: www.google.com/intl/en_us/help/terms_maps/ and https://policies.google.com/privacy?hl=en.
8.3 Google reCAPTCHA
The reCAPTCHA function helps us to differentiate whether an entry (e. g. in a contact form) is made by a human or automatically by a computer programme (so-called bots). This is intended to ensure the security of our website and in particular to protect it from automated entries (or attacks) and spam.
For this purpose, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. These analyses run completely in the background and begin automatically as soon as you access a website on which we have integrated reCAPTCHA (e. g. as part of a job application). To differentiate between humans and bots, Google analyses various information, such as the IP address of the end device used, the time spent on the website, the browser and operating system used or mouse movements made by the website visitor.
Data processing is carried out on the basis of our legitimate interest. Our legitimate interest in the processing is to protect our website from abusive automated spying and spam.
Further information on the use of the data collected by Google in this way can be found in Google's privacy policy and terms of use.
8.4 Google Data Studio / Looker Studio
Based on our legitimate interests, we also use Google Data Studio on our website. Google Data Studio makes it possible to summarise and visualise different data in connection with other Google services or via external data sources. We use this service in particular for statistical analyses, forecasts and as a basis for strategic decisions. All data processed by us with Google Data Studio is of a purely statistical nature. No personal data is processed, nor is anonymised or pseudonymised data merged with personal data.
Further information on how Google Data Studio works can be found on the corresponding Google Website.
8.5 Google Search Console
We use the Google Search Console, a service provided by Google. The Google Search Console is an analysis tool that provides us with statistical data. This data includes the findability of our website by Google, the resolution of indexing problems and the performance in the search results. No personal data is collected. Deactivations at do-main or cookie level also apply to all tracking mechanisms implemented with the Google Search Console.
Further information can be found in the usage guidelines for this service: Google Search Console usage guidelines.
For more information about Google's use of data for marketing purposes, see the Google Technologies and Principles overview page or the Google Privacy Policy.
If you wish to object to interest-based advertising by Google marketing services, you can use the setting and opt-out options provided by Google: Google Ads Settings
8.6 YouTube
To integrate videos, we use the services of the provider YouTube LLC, based in the USA ("YouTube"), a subsidiary of Google LLC ("Google").
When you start a YouTube video on our website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. This information (including your IP address) may be transmitted to a Google server in the USA and stored there. If you are logged into your YouTube account at the same time, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account before visiting our website.
We use the so-called extended data protection mode of YouTube. According to YouTube, this mode means that YouTube does not store any data about you as a visitor to our website before you watch or play the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode.
Further information can be found in Youtube's terms of use and Google's Privacy Policy.
9 Friendly Analytics
We use Friendly Analytics on our website, a web analytics software from Friendly GmbH based in Switzerland (www.friendly.ch; hereinafter referred to as "Friendly"), to analyse user behaviour on our website, to optimise it on an ongoing basis and to tailor it even more specifically to the needs of users. This software is based on Matomo and is operated in Switzerland and hosted on Friendly's servers in Switzerland.
Users can deactivate the collection and transmission of website usage data to us on the website (settings) at any time. The information collected by Friendly about the use of our website includes in particular:
- anonymised IP address of the website user (shortened so that this data is not considered personal)
- Information about the website visit (date, time, pages viewed, downloads)
- Key figures of the end device (brand, type, screen, memory)
- Information about the operating system (e. g. iOS, Android)
- If applicable, type and version of the internet browser used
Under this link you can read how Friendly uses the collected data.
10 Matomo Tag Manager
We use the Matomo Tag Manager on our website, part of the open source software tool Matomo (www.matomo.org), a service provided by InnoCraft Ltd (7 Waterloo Quay PO625, 6140 Wellington, New Zealand), to analyse and statistically evaluate the use of the website. This service does not collect any personal data. This tag is used to allow third-party services to run small programmes on the website, which in turn may collect personal data under certain circumstances. The Matomo Tag Manager itself does not collect any personal data, does not pass on any personal data to third parties and does not access any personal data collected by the aforementioned third-party services.
11 Partner Sites
We offer our business partners and customers the opportunity to embed a widget on their website, which loads our product information and content from our website and displays it in the design of the business partner's/customer's website ("PartnerSites").
The use of our widget is analyzed with Matomo, a web analytics service provided by InnoCraft Ltd. (7 Waterloo Quay PO625, 6140 Wellington, New Zealand) ("Matomo").
Matomo is an open-source software that allows us to analyze the usage of our widget. For this purpose, Matomo uses a cookie, through which, among other things, the IP address of the website visitors of the respective PartnerSites is recorded, which of our products they have accessed, and from which PartnerSites they may have been redirected to our website. The analysis is generally carried out without it being possible to draw conclusions about the individual website visitors; the IP addresses collected by Matomo are shortened and anonymized immediately after collection and before storage.
This data processing is carried out exclusively for the statistical analysis of the usage of our widget and to optimize our offers. All data processed by Matomo is stored on our servers and not disclosed to unauthorized third parties.
For further information on the terms of use and data protection regulations, please refer to Matomo's privacy policy.
We would like to point out that PartnerSites using our widget are beyond our control, and we cannot influence the embedding or use of our widget on such websites. To the extent that the use of our widget requires a legal basis (e.g., consent) from the website visitors of the PartnerSites, the respective business partner/customer is responsible for this. For information on data protection and data security when visiting PartnerSites, please refer to their privacy policies.
12 Social Media presence
We maintain social media profiles on Facebook, Instagram, YouTube, LinkedIn, XING and Pinterest.
The data you enter on our social media profiles will be published by the social media platform and will not be used or processed by us for any other purpose at any time. However, we reserve the right to delete content should this be necessary. If necessary, we will communicate with you via the social media platform.
Please be aware that the operator of the social media platform uses web tracking methods. Web tracking, over which we have no influence, can also take place regardless of whether you are logged in or registered with the social media platform.
More detailed information on data processing and further information on your rights in this regard and setting options to protect your privacy as well as your right to object to the creation of user profiles by the provider of the social media platform can be found in the privacy policy of the respective provider:
- Facebook – Meta Platforms Inc. (USA)/Meta Platforms Ireland Ltd. (Ireland): Privacy Policy
- Instagram – Meta Platforms Inc. (USA)/Meta Platforms Ireland Ltd. (Ireland): Privacy Policy
- YouTube – YouTube LLC (USA): Privacy Policy
- LinkedIn – LinkedIn Corporation (USA)/LinkedIn Ireland Unlimited Company (Ireland): Privacy Policy
- XING – New Work SE (Germany): Privacy Policy
- Pinterest – Pinterest Inc. (USA)/Pinterest Europe Ltd. (Ireland): Privacy Policy
13 Your rights
You are entitled to the rights of information, rectification, erasure, restriction, data portability, objection and revocation of consent with regard to your personal data.
If you believe that the processing of your personal data violates data protection law or your data protection rights have otherwise been violated in any way, you can also complain to the supervisory authority.
If you have any questions regarding our privacy policy and for information regarding your rights under this privacy policy and how to exercise them, you can contact us using the contact details provided in section 2.1 of this privacy policy. Where necessary, we reserve the right to request your identification in a suitable manner for the processing of inquiries.
14 Data security
We take technical and organizational security measures to protect your personal data against tampering, loss, destruction or access by unauthorized persons and to ensure the protection of your rights and compliance with the applicable data protection regulations.
The measures taken are intended to ensure the confidentiality and integrity of your personal data and to guarantee the availability and resilience of our systems and services in the processing of your personal data in the long term. They are also intended to ensure the rapid restoration of the availability of your personal data and access to it in the event of a physical or technical incident.
Our data processing and security measures are continuously improved in line with technological developments.
15 Use of the website by minors
The website is aimed at an adult audience. Minors, especially children under 16 years of age, are prohibited from transmitting personal data to us or registering for a service without the consent or approval of their parents or legal guardians. If we discover that such data have been transmitted to us, it will be deleted. The child’s parents (or legal guardian) can contact us to request deletion or deregistration. For this we need a copy of an official document that identifies you as a parent or legal guardian.
16 Links to websites of other providers
Our website may contain links to websites of other providers to which this privacy policy does not apply. Once the link has been clicked, we no longer have any control over the processing of any data transferred to the third party when the link is clicked (such as the IP address or the URL where the link is located), as the behavior of third parties is naturally beyond our control. We can therefore not assume any responsibility for the processing of your personal data by third parties. If the use of other providers’ websites involves the collection, processing or use of your personal data, please note the data protection information of the respective providers.
17 Changes to the privacy policy
We explicitly reserve the right to amend or change this privacy policy at any time. All changes and additions are at the sole discretion of the company.
