STULZ GmbH Data Protection Declaration regarding the use of the website
– Information pursuant to Arts. 13, 14 und 21 of General Data Protection Regulation („GDPR“) –
This data protection declaration shall inform you as to which of your personal data we, STULZ GmbH, collect and process as part of the use of our website https://www.stulz.de (“Website”) (hereinafter referred to collectively as “Processing”). We process personal data in order to offer our services to you. In this context, personal data shall refer to any information relating to an identified or identifiable natural person.
STULZ GmbH (“we” or “us”) is responsible for the processing of personal information as part of the Website’s use. Our contact information is as follows: STULZ GmbH, Holsteiner Chaussee 283, 22457 Hamburg, Germany, tel.: +49 40 5585-0, fax: +49 40 5585-352, info(at)stulz(dot)de. For additional information, please see the Website’s legal notice (Imprint).
3. Data protection officer
You can reach our data protection officer by email at datenschutz(at)stulz(dot)de or by writing to our mailing address (to the attention of the “Data Protection Officer”).
If you have any questions, concerns or suggestions related to the topic of data protection on the Website, you may contact the data protection officer at any time. Using the contact information as provided for our data protection officer, you may also assert your rights as a data subject. Please see Section 9 of this data protection declaration for more details.
4. Automatic data processing during visit to our Website – purposes and legal bases
You can visit the Website and gather information without having to provide any personal data (e.g., by registering or transmitting data through online forms). In order to allow you to use the Website in a manner that is user-friendly, stable and safe, and to provide you with additional services, we will, however, automatically collect and process the (pseudonymous) technical data needed for this purpose with help from both your device and browser.
4.1 Automatic data collection and processing by web server
In order to show you the individual pages of the Website, our web servers automatically collect and process the following personal data, which are transmitted by your browser:
- page visited on Website (URL)
- user agent ID that may contain additional information (about operating system, browser type and version used, preferred language), depending on browser
- referrer URL (page visited most recently, if available)
- date, time and time zone of server request
- IP address
- host name of your Internet service provider (ISP)
The legal basis for data processing of this kind is Art. 6(1) (b) GDPR. The data processing in question is needed for the implementation of pre-contractual measures adopted at your request as such pre-contractual measures also include website visits.
Our web servers temporarily store the (pseudonymous) technical communication data collected and processed for the use of the Website in so-called server log files. Such data will not be evaluated with respect to a specific person, nor will they be combined with data from other sources. We use the server log files for internal system-related purposes; chief among them is ensuring the stability and security of our web servers and the Website. Whenever there is reason to suspect that our offerings are being used in an unlawful manner, we reserve the right to identify and track inadmissible or exploitative attempts to access our web servers using the IP address on file. The legal basis for data processing of this kind is Art. 6(1) (f) GDPR, which permits personal data to be processed in keeping with our legitimate interests. Our legitimate interests consist in the Website’s easy administration and safe operation.
4.2 Direct marketing
We shall use the personal data for direct-marketing purposes, including but not limited to an email newsletter or postal advertising. Specifically, the following personal data will be processed in this regard: form of address, name, mailing address, email address and telephone number.
The legal basis for direct mail marketing is our legitimate interest in marketing our products, Art. 6(1) (f) GDPR.
If you granted your consent, we shall process the data needed to inform you about our products and services, as well as our enterprise, by email newsletter. We shall process such data on the basis of Art. 6(1) (a) GDPR. You may withdraw your consent at any time and cancel your email newsletter subscription. For this purpose, please send a message to one of the addresses listed in Section 2.
To send out the email newsletter, we avail ourselves of the Optimizely Campaign solution of marketing service provider Episerver GmbH, Wallstrasse 16, 10179 Berlin, Germany. Episerver GmbH processes your data on our behalf on the basis of an agreement pursuant to Art. 28 GDPR. For additional information about data processing as part of the Optimizely Campaign solution as well as the data protection provisions of both the Optimizely group of companies and Episerver GmbH, please visit https://www.optimizely.com/de/legal/datenschutz/.
We undertake statistical evaluations and use Optimizely Campaign to analyze the open rates and click behavior of the users of our newsletter. For evaluations of this kind, the connection data mentioned in Section 4.1 are collected and processed, along with data on users’ click and usage behavior. The legal basis for such analyses is Art. 6(1) (a) GDPR.
4.3 Customer service
We use your personal data for communicating with you. Specifically, the following personal data are processed for this purpose: contact information (name, mailing address, email address, telephone number).
The legal basis in this instance is the (intended) contractual relationship, Art. 6(1) (b) GDPR, as well as our legitimate interest in serving our customers, Art. 6(1) (f) GDPR.
4.4 Contacting us through contact form or by email, mail and telephone
You may contact us using the email address, telephone number or mailing address provided on the Website or by using a contact form – e.g., to receive information about our products and services or additional materials. Specifically, the following data may be processed at such instance, form of address, name, email address, mailing address, telephone number, such other personal data as you may provide on a voluntary basis. The data you provide are used exclusively to address your concern, to answer your question or to contact you, along with any related administrative task.
The legal basis for processing the data is our legitimate interest in answering your question pursuant to Art. 6(1) (f) GDPR or, if your inquiry is geared toward the execution or implementation of a contract, Art. 6(1) (b) GDPR.
If you give your consent, we will forward your data to the responsible authorized STULZ partner and/or the responsible STULZ subsidiary for the purpose of processing the inquiry or inform you about our products and events. The legal basis for processing your data is Art. 6(1) (a) GDPR if you have given your consent. You can revoke your consent at any time.
4.5 Cookies, web analytics tools and external contents
To manage your consents, we have integrated the Usercentrics service provided by Usercentrics GmbH, Sendlinger Strasse 7, 80331 München, Germany, with the Website. Usercentrics allows you to grant your consent for certain data processing processes, as well as to withdraw it. In addition, Usercentrics assists us with documenting your relevant declarations. For this purpose, log data on the status and timing of your declarations of consent are processed in addition to the log file data mentioned in Section 4.1. Such processing of data is needed for us to document any consent granted and is undertaken on the basis of Art. 6(1) (c) GDPR.
You can find information about the cookies and similar tools used on the Website as well as on the consents you have granted under “Privacy settings” at any time. This is where you may manage the consents granted and withdraw them, be it wholly or in part, with effect for the future pursuant to Art. 7(3) GDPR.
We use so-called cookies on our Website to make certain functions available or more attractive. Cookies are small text files that are stored on your end device. Some of the cookies we use (so-called session cookies) are deleted once the browser session ends – i.e., when the browser is closed. Other cookies (so-called persistent cookies) remain on your end device and allow us to recognize your end device upon your return.
You can adjust your browser settings in order to be notified of cookies to be stored, so you can decide whether to accept cookies on a case-by-case basis – or block them in certain instances or as a rule. You can also choose a browser setting that ensures that cookies are automatically deleted when the browser is closed. The non-acceptance of cookies may compromise the Website’s functionality.
If you consented to the use of non-essential cookies and tools, you may withdraw your consent with effect for the future in “Privacy settings” at any time, be it wholly or in part. For more information about the non-essential cookies and services used, please refer to “Privacy settings” as well as the following sections of this data protection declaration.
4.5.2 Google Analytics
For purposes of measuring reach and analyzing your user behavior, as well as of evaluating and improving the Website, the web analytics service Google Analytics of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”) is used on the Website. Google Analytics is not activated until you have given your consent in the category “Analysis” under “Privacy settings”. Any data processing by Google Analytics is undertaken on the basis of Art. 6(1) (a) GDPR, § 25 (1) sentence 1 of the Telecommunications Telemedia Data Protection Act.
The service deploys cookies that allow your user behavior to be analyzed. During your visit to the Website, the following information may be collected: start of session, initial visit to Website, pages visited, interaction with Website (click/scroll path), internal search queries, clicks on external links, videos viewed, files downloaded, ads viewed and clicked, language setting. In addition, Google Analytics gathers the technical communication data mentioned in Section 4.1, including your IP address.
To facilitate an evaluation by Google Analytics, we have appended so-called UTM parameters to the addresses (URLs) of individual pages of the Website. These UTM parameters indicate the referrer source of the visit to the Website, the advertising medium used (e.g., ads on other Internet pages, email newsletters, social media) as well as the nature and content of the advertising campaign.
The information generated about your use of the Website are typically transmitted to, and stored and processed on, a U.S. server. However, with the IP anonymization on the Website activated, Google will first truncate your IP address within EU member states or other signatories of the European Economic Area (EEA) Agreement. Only by way of exception will the full IP address be transmitted to a Google server in the U.S. and be truncated there. Google will use this information to evaluate your use of the Website, to compile reports about your activities on the Website and to provide other services to us in connection with the use of the Website and the Internet. This may result in the creation of pseudonymous user profiles for users based on the data so processed.
You may deactivate your consent at any time under “Privacy settings.” And you may put a stop to cookie-based data processing as part of Google Analytics using any of the following options:
- You prevent Google’s cookies from being stored by adjusting your browser settings accordingly; we shall note, however, that if you do so, some of the functions of the Website may not be available to you to their full extent.
- You can also prevent Google from receiving and processing the data generated by the cookies about your use of the Website (which include your IP address) by downloading and installing the browser plug-in available here: http://tools.google.com/dlpage/gaoptout?hl=de.
4.5.3 YouTube videos
We have integrated videos from the YouTube video portal, which is operated by Google (see Section 4.5.2). For this purpose, we avail ourselves of the option “extended data protection mode” provided by Google. Data processing requires that you have granted your consent in the category “Functional/external media” under “Privacy settings.” Data are processed on the basis of Art. 6(1) (a) GDPR, § 25 (1) sentence 1 of the Telecommunications Telemedia Data Protection Act.
If you did consent, a connection is established with the Google servers, with contents being streamed on the Internet page following a message sent to your browser when you open a page featuring an integrated YouTube video. In the process, your IP address, device information as well as data about the website opened will be transmitted to Google. If you are simultaneously logged in with another Google service, such information may be matched to your membership account. You can prevent this from occurring by logging out of your membership account prior to visiting the Website.
Once you start playing an integrated video, Google will only store cookies on your device not containing personally identifiable data in “extended data protection mode” unless you are currently logged in to a Google service. These cookies may be blocked through appropriate browser settings and extensions.
For more information about data protection in connection with YouTube, please refer to Google’s data protection policy: https://policies.google.com/privacy.
4.5.4 Vimeo videos
We have integrated videos of the provider Vimeo LLC, located at 555 West 18th Street, New York, New York 10011, USA, on our Website by means of a plugin (Vimeo plugin) for the display of videos.
We have set up the integration of these videos in such a way that a connection to the Vimeo servers is not automatically established when you call up a page on our Website on which a video is integrated using the Vimeo plugin. For this purpose, the setting of cookies is deactivated by default for the embedded videos.
If you want to start the respective video, a connection to the Vimeo servers is required. In the process, your personal data in the form of your IP address, technical information about the end device you are using (e.g. browser type, operating system, basic device information) and the website you are accessing from will be transmitted to Vimeo's servers in the U.S. For this purpose, we ask for your explicit consent before starting the video. If you agree to the use of Vimeo's services, you also agree to your personal data being transmitted to Vimeo's servers in the U.S.
The data transfer will then take place regardless of whether you have a user account at Vimeo and are logged in there. However, Vimeo can assign your surfing behavior to your user account if you are logged in when you start the video. You can prevent this by first logging out of your user account and deleting the corresponding cookies.
The legal basis of the processing is your consent pursuant to Art. 6 (1) lit. a GDPR.
5. Online presences and services
5.1 Social networks
You can access our respective social media-appearance via link from our Website (Facebook, LinkedIn, Xing, Instagram, YouTube and TikTok). To the extent that personal data is processed in doing so, the legal basis for this is Art. 6(1)(f) GDPR. Our legitimate interest is the information and communication with the users of our Website. You can find more information about the data processing and possibilities to object under the following links:
5.2 Google Maps
If you consent, this Website uses Google Maps. The data processing is based on Art. 6(1) (a) GDPR, § 25 (1) sentence 1 Telecommunications Telemedia Data Protection Act. If you consent to the use of Google Maps on a subpage in which Google Maps is embedded and activate the Plug-in, Google receives the information, that you entered the respective subpage of our Website. Moreover, data that your browser transmits to Google are collected. These are e.g., IP address, date and time of the query, data volume transferred, operating system und surface, language and browser software version.
This is regardless of whether Google provides a user account that you are logged in to or no user account exists. When you are logged in to Google, your data is assigned to your user account directly. Google stores your data as user profiles and uses them for purposes of advertisement, market research and/or needs-based design of the Website. For the exercise of any right, e.g., a right to object the creation of these user profiles, you have to contact Google directly.
By using Google Maps you agree to the Terms and Conditions of Google Maps. You can find these Terms and Conditions here: https://www.google.com/intl/de_de/help/terms_maps.html. You can find further information about the processing of your personal data by Google Inc. in the Data Protection Declaration of Google Inc.: https://policies.google.com/privacy?hl=de. Google processes your personal data in the United States of America and has submitted to the EU-US Privacy Shield (https://www.privacyshield.gov./EU-US-Framework).
6. Sharing personal data
Generally, the personal data collected during the use of the Website are not passed on or otherwise shared with other parties unless specifically provided otherwise in this data protection declaration. This excludes mandatory transmissions of personal data to government agencies and authorities as well as private holders of rights as prescribed by applicable law or under court or official rulings, along with instances of necessary disclosure to state agencies and authorities in cases of attacks on our legal interests, for purposes of law enforcement and prosecution.
For the operation of the Website and the execution of individual functions and offers, we rely to some degree on external service providers that we select with care. To the extent necessary, these service providers working on our behalf process your personal data in accordance with our instructions under a given contract for the purposes stated in the data protection declaration. They are contractually obligated to strictly comply with this data protection declaration, applicable provisions of data protection law as well as our directions (processor pursuant to Art. 28 GDPR). The same applies to any subcontractor if and to the extent that our processors use subcontractors with our prior consent.
In addition to the service providers mentioned in Sections 4 and 5, we rely on service providers to provide, service and maintain IT systems by way of processing under a contract.
7. Processing personal data in “third countries”
We process the personal data collected on the Website within EU member states as a rule. Personal data shall only be transmitted to other “third countries” – i.e., countries outside of the European Union and the European Economic Area – if and to the extent that we expressly so inform you.
Insofar as you have consented to data processing undertaken by Google and Vimeo services (Sections 4.5.2, 4.5.3, 4.5.4 and 5.2), the data collected by them will be transmitted, in part, to other companies affiliated with Google and Vimeo and registered in the U.S. – namely Alphabet Inc. and Google LLC – as well as other Google and Vimeo services providers. For this purpose, Google and Vimeo uses standard contractual clauses approved by the European Commission.
8. Length of storage
We shall store your personal data to the extent and for as long as is necessary for the purposes of processing we pursue. Insofar as statutory or contractual retention periods, during which your data must be stored, extend beyond such time, your personal data will be erased upon the lapse of a given retention period unless you expressly consented to the ongoing use of your data or we are entitled to such use on another legal basis.
The technical communication data contained in the server log files (Section 4.1) shall be deleted after 30 days, at the latest.
The session cookies we use are deleted when your browser is closed. Any persistent cookie we use will remain on your device until their prescribed life span has expired or you remove them manually (Section 4.5.1). The length of storage for individual cookies is listed in “Privacy settings”. Data collected by Google Analytics shall be deleted upon the anonymization of IP addresses (see Section 4.5.2). By way of an agreement with Google, we have limited the length of storage for data gathered by Google Analytics to be no more than 14 months.
Data from the statistical evaluation of the email newsletter are stored anonymously (Section 4.2).
If you contact us through one of our contact forms or by other means (Section 4.5), the data you provide shall be processed exclusively for the purpose of addressing your concerns and/or any additional questions you might have, and shall be erased thereafter. At the latest, the data will be erased six months after you last made contact.
9. Data subject’s rights
9.1 Right of access, rights to rectification, erasure, restriction and data portability
Upon request, we shall be glad to inform you as to which personal data of yours are being processed (Art. 15 GDPR). In the event that data concerning you are incorrect, you are entitled to have them rectified (Art. 16 GDPR) or restricted (Art. 18 GDPR) accordingly. You are further entitled to obtain the blocking or the erasure of the data we have stored about your person if the purpose of processing such data lapses or other legal requirements apply (Art. 17 GDPR). In the event that erasure is opposed by statutory or contractual duties of retention, by duties of retention imposed by tax and/or commercial codes or for other reasons embodied in applicable law, your data may only be blocked – rather than erased. In addition, you shall hold a right to data portability (Art. 20 GDPR). Upon request, you shall receive your personal data in a structured, commonly used and machine-readable format.
9.2 Right to lodge a complaint
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of personal data relating to you as characterized in this data protection declaration infringes applicable law. Under the link below, you will find the addresses of and links to all German data protection supervisory authorities as well as German, European and international data protection officers: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
Information about your right to object pursuant to Art. 21 GDPR
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (f) of Art. 6(1) GDPR (data processing on the basis of our legitimate interest.
If you do object, we shall no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims. An objection may be
In some cases, we may process your personal data for direct marketing purposes. You have the right to object at any time to processing of personal data concerning you for such marketing.
If you object to processing for direct marketing purposes, we shall no longer process the personal data for such purposes.
To assert the foregoing rights or to receive more detailed information about the foregoing rights, please contact our data protection officer or get in touch with us directly at the addresses listed in sections 2 and 3.