Article 1. Information on the collection of personal data
This document explains how we collect personal data of our website users. Personal data includes all data that can be traced to your person including e.g. name, address, email addresses and user behaviour.
The data controller under Article 4(7) EU General Data Protection Regulation (GDPR) is:
Stockmeier Holding GmbH, Am Stadtholz 37, 33609 Bielefeld, Germany, firstname.lastname@example.org
(See our Legal Notice for further details).
You can contact our data protection officer at email@example.com
When you contact us by email, we will save the information you share with us (your email address or any other data you have voluntarily shared with us, like your name and phone number) to answer your queries. We delete this data as soon as we no longer need to store it or we restrict the processing of it, provided there are no statutory retention obligations.
We may commission other service providers for specific functions of our website or use your data for marketing purposes. In this case we shall provide you with detailed information on our processes below. We shall also outline the agreed criteria for storage retention.
Article 2. Your rights
You have the following rights regarding your personal data:
- Right of access,
- Right of rectification or erasure,
- Right to restrict processing,
- Right to withdraw consent for processing,
- Right of data portability,
- Right to lodge a complaint with a supervisory authority.
To clarify, you have the right,
- under Article 15 GDPR, to request access to your personal data processed by us. In particular, you may request access to information on the purposes of processing, the category of personal data, the categories of recipients with whom we have disclosed or disclose your data, the scheduled retention period, if there is the right of correction, erasure, restriction of processing or withdrawal of consent, if there is a right of complaint, the origin of your data provided we have not collected it, as well as about the existence of an automated decision process including profiling and perhaps other detailed information on their particulars;
- under Article 16 GDPR, to request that we immediately rectify incorrect or incomplete personal data stored on our system concerning you;
- under Article 17, GDPR, to request the erasure of personal data stored on our system concerning you, provided that the processing is not required to exercise the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
- under Article 18 GDPR, to request the restriction of the processing of your personal data should you contest the accuracy of the data, the processing is unlawful, but you oppose its erasure and we no longer require the data, but you need it to establish, exercise or defend a legal claim, or you have objected to the processing under Article 21 GDPR;
- under Article 20 GDPR, to request to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to transmit it to another data controller;
- under Article 7(3) GDPR, to withdraw the consent you have granted to us at any time. This means that we will no longer be permitted to process data that relied on your consent, and
- under Article 77 GDPR, to lodge a complaint with a supervisory authority. Generally, you may submit your complaint to a supervisory authority at your habitual residence or workplace or another local office.
Article 3. Collecting personal data during website visits
If you use our website solely for information, i.e. if you don’t register or transmit information to us in another manner, we shall only collect the personal data that your browser transmits to our server.
If you would like to view our website, we collect the following data, which we require for technical reasons to be able to display our website to you and guarantee its stability and security (lawful basis is Article 6 (1)(1)(f) GDPR):
- IP address
- Date and time of the request
- Time difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- The quantity of data transmitted in each case
- The website sending the request
- Operating system and interface
- Browser software language and version
What is a cookie?
A cookie is a small file that is stored on your computer or mobile device when you visit a website. Cookies help a website to remember information such as specific actions and settings (username, language, font size and other display parameters) for a certain length of time so that the user will not have to re-enter this information every time they visit the website or change from one page to another. Other third-party cookies can also be used to track you if they are found on other websites which use such third-party services.
How to check your cookies
You can check and/or delete cookies at your discretion. For further information, see aboutcookies.org. You can delete any cookies already stored on your computer, and most browsers can be configured to block cookies. However, every time you revisit a website, you may have to manually adjust some settings and may not have access to certain services and functions in certain circumstances.
You can block or delete this cookie, however by doing so, you risk losing proper functionality on some parts of the website.
The information contained in the cookies is not used to identify you personally and we have full control over the data stored. This cookie will never be used for purposes other than those outlined herein.
The following cookie is used in this way:
- Cookie tooltip (Purpose: cookie notification)
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited (‘Google’) Google Analytics uses so-called cookies, i.e. text files that are stored on your computer and enable us to analyse your use of the website. The information generated by the cookies on your use of this website is usually transmitted to a Google server in the USA where it is stored. If IP anonymisation is activated on this website, however, your IP address will be truncated by Google in Member States of the European Union or in other states party to the Agreement on the European Economic Area prior to transmission. Only in exceptional cases will the complete IP address be transmitted to a Google server in the United States and truncated there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling website activity reports and providing other services to us relating to the use of this website.
The IP address transmitted by your browser within the scope of Google Analytics shall not be associated with any other data held by Google.
For further information on data privacy and Google Analytics, see Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=en).
This website uses Google Analytics with the extension “_anonymizeIp()”. This means that only truncated IP addresses shall be processed further so as to prevent them from being linked to a specific user. Insofar as data can be attributed to you as an individual, processing will immediately come to an end and the personal data shall be immediately deleted.
We use Google Analytics to be able to analyse the use of our website and to continually enhance our site. We gather statistics to improve our offerings and make our website more interesting for you, the user. For exceptional cases where your personal data is transmitted to the USA, Google has agreed to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework. The lawful basis for the use of Google Analytics is article 6 paragraph 1 section 1 lit. (f) GDPR.
Additionally, the website uses Google Analytics for universal analytics of website traffic which is performed via a user ID. You can disable universal analytics on your use of the website in your account under “My Data”, “Personal Data”.
The following cookies are used for this purpose and are only placed on your device after you have given your consent via the cookie banner:
Provider: Google Analytics, Purpose: To distinguish users, Validity: 24 hrs
Provider: Google Analytics, Purpose: Used to slow down request rate, Validity: 1 min.
Provider: Google Analytics, Purpose: To distinguish users, Validity: 2 years
Article 5. Use of Google Maps
This website uses Google Maps. This software enables us to display interactive maps directly on our website and makes it convenient for you to use the map function.
By visiting our website, Google receives information that you have opened this specific page of our website. The data outlined in Part A, Article 3 herein is also transmitted. This shall occur regardless of whether Google has given the user the option of logging into their account or if the user does not have a Google account. If you are logged into your Google account, your data is assigned directly to your account. If you do not want this information to be assigned to your Google profile, you must log out of your Google account prior to enabling the button. Google stores your data as a user profile and uses it for advertising purposes, market research and/or to offer a customised website experience. This analysis is important in particular (even if users are not logged in) for customised advertising and to inform other users of the social network about their activities on our website. You have the right to object to the formation of this user profile, although you must exercise this right directly with Google.
Article 6. Processing the personal data of applicants
The data that you provide to us electronically by email or in writing by post are only stored for the purpose of processing your application properly.
The lawful basis for this is to execute pre-contractual measures under Article 6(1)(b) GDPR and for decision-making on the justification for an employment relationship under Article 26 Federal Data Protection Act (BDSG new). The processing of highly sensitive personal data which you have opted to share with us, such as religion or disability, is performed on account of your voluntary consent under Article 9(2)(a) GDPR, which you have provided regarding your application.
You can withdraw your consent at any time.
Our HR department and the responsible management have access to the data you have shared with us. If we do not hire you, we will subsequently restrict access to the data. Only our HR department will continue to have access to the data.
Your data shall be saved within the scope of your job application only for as long as is necessary for said application. If we hire you, we will share your data with our HR department for further administrative purposes. If we do not hire you, your data shall be stored for a further six months in line with legal obligations, and subsequently deleted. Retention of your data for pre-defined purposes beyond this period depends solely on your voluntary consent under Article 9(2)(a) GDPR.
We do not carry out automated decision-making under Article 22 GDPR for this application process.
Article 7. Newsletter
In the following section, we will clarify the content of our newsletters as well as processes for subscription, despatch and statistical analysis, and your rights to object. By subscribing to our newsletter, you agree to its receipt and the processes described herein.
We send newsletters, emails and other electronic messages with advertising information (hereinafter ‘Newsletter’) only with the recipient’s consent or legal permission. Insofar as the newsletter content is specifically described within the scope of registration, it is decisive for the consent of the users. Furthermore, our newsletters contain information on our company’s services and products.
To subscribe to the newsletter, you must provide your email address, your first name and surname and any information relevant to your business (business name). This information is used solely to personalise the newsletter.
We keep records of newsletter subscriptions as evidence that the registration process complies with legal requirements. This includes storage of the time of subscription and its confirmation, as well as the IP address. The changes are also recorded in your data stored by "MailChimp”.
Subscription to our newsletter involves a double opt-in process. This means that you will receive an email after registration asking you to confirm your subscription. This confirmation is necessary to prevent a person from registering with another person’s email address.
Consent to send email addresses on the basis of Article 6 (1)(a), 7 GDPR and Article 7 (2)(3), or (3) Unfair Competition Act [UWG].
The use of the mail service “MailChimp“, gathering statistics and analyses and keeping records of registration is performed on the basis of our legitimate interests under Article 6 (1)(f) GDPR.
Our interest is a safe and user-friendly newsletter system. This should serve our business interests and meet the expectations of our users.
Use of MailChimp
We send our newsletters through “MailChimp“, a marketing platform belonging to the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE 5000, Atlanta, Georgia 30308, USA.
The email addresses of our newsletter subscribers and any other data used for this purpose are saved on MailChimp servers in the USA. MailChimp uses this information on our behalf to send and analyse our newsletter. Furthermore, according to MailChimp, it may use the data to optimise or enhance its own services, e.g. technical optimisation of despatch and presentation of the newsletter or for economic purposes, to ascertain in which countries the recipients are located. However, MailChimp does not use subscribers’ data to contact them directly and it does not disclose it to third parties.
We are confident of the reliability, IT systems and data privacy measures used by MailChimp. MailChimp is certified under the US-EU data privacy agreement ‘Privacy Shield‘ and thus commit to comply with EU data protection regulations. We have also agreed a “Data Processing Agreement“ with MailChimp. This involves a contract wherein MailChimp is obliged to protect the data of our users, to process it on our behalf in compliance with data privacy regulations and not to disclose it to third parties. You can see the data protection guidelines at MailChimp here.
Data for statistics/analysis
Our newsletter contains a so-called “web beacon”, i.e. a pixel file which is called up when the newsletter is opened by our server, or by another server, if we have used a mail service provider. Firstly, this process collates technical information relating to your browser and system, for example, and your IP address and the time of access.
This information is used to enhance the service technology through the technical data collected or used to determine target groups and their reading behaviour via the locations (determined by the IP address) or times of access. Statistical data collected includes whether the newsletter has been opened, when it was opened and which links the user clicked on. For technical reasons, it is possible to assign this information to individual subscribers. We neither aim nor do we use service providers that aim to observe individual users. Rather, the analyses serve to recognise the reading habits of our users and to customise our content to them or to send different content in line with users’ interests.
Withdrawal of consent
You can unsubscribe from our newsletter at any time, i.e. withdraw your consent. This terminates both your consent to receive the newsletter from MailChimp and your consent to statistical analysis. Unfortunately, it is not possible to withdraw consent to either of these separately. At the end of every newsletter, you will find a link to unsubscribe from our newsletter.
Article 8. Event registration
By providing your binding event registration, you consent to the processing of your personal data for the purposes of registering for events.
We require your email address, your first name and surname, and any information relevant to your business (business name). This information is used solely for the unique identification of the registered person and to generate lists of participants, nametags or to give away ticket codes for trade fairs.
The first step in the process involves sending you an email to confirm receipt. After we have processed your registration request, you will receive a second email with confirmation of registration/ your ticket code/ a rejection of your request.
We keep records of subscriptions as evidence that the registration process complies with legal requirements. This includes storage of the time of subscription and its confirmation, as well as the IP address.
We process your data according to Article 6(1)(a) GDPR on the basis of your consent through your binding event registration and on the basis of our legitimate interests under Article 6 (1)(f) GDPR. Our interest is a safe and user-friendly event management system. This should serve our business interests and meet the expectations of our users.
Your registration data shall be erased after the particular event.
Article 9. Customer service portal
The Stockmeier Group offers a customer service portal which is currently being completely overhauled. You can access the old ‘CSP’ portal at LINK.
Customers with a strong interest in digital solutions can register at ‘MYSTOCKMEIER’. Follow this LINK to the Stockmeier website to find out more.
By registering in our customer service portal, you will receive an overview of the order data stored and processed by us as per Article 6 (1)(b) GDPR. Additionally, with every new item ordered you will receive the safety data sheets by email.
A three-step registration process (registration, check, approval) and password ensure that you alone have access to your data.
We require your customer number and email address for the check, to contact you, and to send your login data and safety data sheets to you. Further details such as surname, first name, title, job title and telephone number are optional.
We process your registration data according to Article 6(1)(a) GDPR on the basis of your consent provided by registering in our customer service portal.
We delete this data as soon as we no longer need to store it or we restrict the processing of it, provided there are no statutory retention obligations. You can also exercise your right of withdrawal.
By registering in our portal MYSTOCKMEIER, you will receive an overview of the order data stored and processed by us as per Article 6 (1)(b) GDPR. If you are ordering items for the first time or safety data sheets have expired, you will also receive the safety data sheets by email.
Only you will have access to your data: a double opt-in process shall apply for each subscription and subsequent approval. Use a strong password to protect your user account.
For registration, we require your title, surname, first name and business name, as well as your email address and telephone number. We will only use your email address to contact you if there are issues with your account and to send you the safety data sheets. All other information are optional. We process your registration data as per Article 6(1)(a) GDPR on the basis of your consent by registering in our customer service portal.
We delete this data as soon as we no longer need to store it or we restrict the processing of it, provided there are no statutory retention obligations. You can also exercise your right of withdrawal.
Article 10. Social media
The Stockmeier Group operates various social media channels which can be accessed via the following links:
- LinkedIn: www.linkedin.com/company/stockmeier-group/
- XING: www.xing.com/companies/stockmeiergruppe
- YouTube: www.youtube.com/channel/UCVVJP1uwTcL1z9YDCK8VP_w/featured
- Facebook: https://www.facebook.com/STOCKMEIER-Gruppe-100836641690969/
For data protection reasons, we do not embed any social plugins directly into our web presence. As a result, data shall not be transmitted to social media providers when you access our site. Profile development by a third party is therefore excluded.
In addition to us, there is also the operator of the social media platform itself. In this respect, this operator is also another responsible entity that carries out data processing, upon which we have only limited control. At the stages over which we have control and can set parameters on data processing, through the social media platform operator, we effect the scope of the options available to us as protected by data privacy regulations. At several stages, however, we cannot influence the processing of data by the social media platform operator and we do not know exactly which data it processes.
The data you enter on our social media sites, such as comments, videos, photos, likes, public messages etc. are published by the social media platform and are not used or processed by us for other purposes at any time. We only reserve the right to delete content if this is necessary. When appropriate, we will share your content on our site, if the social media platform offers this function, and we may communicate with you via the social media platform. The lawful basis is Article 6 paragraph 1 section 1 lit. (f) GDPR. Data processing shall take place in the interests of our publicity work and communications.
If you submit a query on the social platform, depending on the necessary answer, where appropriate, we will also direct you to other safe communication channels that guarantee confidentiality. You shall always have the option to send confidential queries to our address provided in our legal notice.
We use the technical platform and services of Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland for the information service offered on our social media channel. Please note that your data may also be processed outside the European Union or the European Economic Area.
Any use may therefore involve data protection risks for you, as it may be difficult to safeguard your rights, e.g. to information, deletion, objection, etc., and the processing is often carried out directly by Facebook for advertising purposes or for the analysis of user behaviour, without this being able to be influenced by us.
Further information on the processing of your data and the possibility to make use of your right of objection or revocation (so-called opt-out) is listed below:
- STOCKMEIER and Facebook are jointly responsible in accordance with Art. 26 DS-GVO: https://www.facebook.com/legal/terms/page_controller_addendum
- Opt-out and advertising settings: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
- Facebook has joined the EU-U.S. Privacy Shield Agreement: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active + Https://de-de.facebook.com/about/privacy/
Article 11. Objection or withdrawal of consent to processing
If you have given consent to the processing of your data, you can withdraw it at any time. This withdrawal affects the permissibility of processing your personal data after you have expressed it to us.
Insofar as we take the processing of your personal data as the basis for the balancing of interests, you may object to the processing. This shall be the case in particular if the processing is not required to fulfil a contract with you, which we shall describe in the functions below. When you exercise your right to withdrawal, we shall ask you to provide us with your reasons why we should not process your personal data. In the event of your legitimate objection, we shall examine the situation and either stop or adapt the processing of your data, or we shall share with you our legitimate sensitive reasons on the basis of which we will continue the processing.
You may, of course, object to the processing of your personal data for advertising and analysis purposes at any time. You can contact us to let us know of your intention to withdraw consent using the following email address: firstname.lastname@example.org
Valid from 04/14/2020