PRIVACY POLICY

PRIVACY POLICY

The protection of your personal data and the preservation of your privacy is important to us. We promise to handle your data sensitively and carefully and to ensure a high level of data security. Consequently, we consider it a matter of course to comply with the legal provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), the German Telemedia Act (TMG) and any other applicable data protection regulations.

This privacy policy sets out the key aspects of data processing within the context of our website.

2 Contacts
2.1 Name and address of the controller

The controller, as defined in data protection legislation, is as follows:

STOBAG AG
Pilatusring 1
5630 Muri
Switzerland
Phone: + 41 (0)56 675 42 00
E-Mail: dataprotection@stobag.com
Website: www.stobag.com

Please address any inquiries in connection with data protection only to this address. This will make it easier for us to process them.

2.2 Name and address of representative in the EU
The EU representative of the controller is as follows:

STOBAG Alufinish GmbH
Bahnhofstrasse 12–14
79793 Wutöschingen-Horheim
Germany
Phone: +49 (7746) 885 0
E-mail: info@stobag-alufinish.de
Sito web: www.stobag-alufinish.de

3 3    Scope and purpose of the collection, processing and use of personal data
The GDPR defines personal data as “any information relating to an identified or identifiable natural person”. We collect, process and use your personal data for the following purposes:

3.1 Visiting the website
When you access the STOBAG website, our servers automatically store the following data temporarily in a log file known as a server log file:

  • IP address of the requesting device
  • Date and time of access/retrieval
  • Name and URL of the retrieved data
  • Operating system of your device and the browser you use
  • Country from which our website is accessed
  • Name of your internet access provider
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Amount of data transferred in each case
  • Last visited website
  • Browser settings
  • Language and version of the browser software
  • Enabled browser plugins

All of this is information which cannot be used to identify you personally. The basis for our personal-data collection and storage activities is our legitimate interest, as established in the relevant legislation. Our legitimate interests are as follows:

  • Displaying the contents of our website correctly and to optimize the advertising for them
  • Providing law enforcement officials with information necessary for prosecution in the event of unlawful activity
  • Improving our website and internet presence
  • Collecting statistical information

This data will not be stored together with other personal data. The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. When collecting your personal data for the purpose of displaying the website, this is the case when the relevant browsing session comes to an end.

3.2 Contact
On our website you have the option to contact us via a contact form and/or by e-mail. In this case, the information you provide will be processed for the purpose of handling your request.

If you wish to contact us, the details marked with an asterisk (*) is mandatory. The other details are voluntary:

  • Company
  • Form of address
  • First name*
  • Last name*
  • Street*
  • ZIP code*
  • Region*
  • Country*
  • E-mail address*
  • Telephone number
  • Message

The details identified as mandatory are necessary to process your request. Providing us with additional details makes it easier for us to process your request and enables us to provide you with more detailed information.

The personal data you provide will not be merged with other data.

The basis for the processing of your personal data is our legitimate interest in processing your request. If the purpose of the contact is to fulfill a contract to which you are a party or to carry out pre-contractual measures, this is an additional basis for the processing of your personal data.

You can object to this data processing at any time. Please send your objection to the following e-mail address: stobag.datenschutz(at)infosec.ch and we will follow up with your request. In such cases, your request will not be processed further.

Your personal data will be deleted as soon as it is no longer required for the purpose for which it was collected. As regards the personal data from the input screen of the contact form and personal data sent by e-mail, this is the case when the respective conversation with you has ended. The conversation ends when it is clear from the circumstances that the matter in question has been resolved or when a conversation is discontinued due to your objection.

3.3 Marketing purposes
We also use your personal data on the basis of our legitimate interest for the following purposes:

  • To maintain a customer relationship with you
  • To continuously improve your shopping experience and make it customer-friendly and personalized
  • To contact you about your orders
  • To keep you up to date regarding specific products and promotions
  • To recommend products or services that may interest you

If you do not want this, you can object at any time to the processing of your personal data for the purpose of direct marketing. If you object, we will no longer process your personal data for this purpose. Please send your objection to the following e-mail address: stobag.datenschutz@infosec.ch.

3.4 Market research
We do not use the data collected within the scope of market and opinion research for advertising purposes. You will find detailed relevant information (especially on the processing of your data) in the respective survey or wherever you provide your data. Your answers to surveys are not passed on to third parties or published.

Your consent is the basis for the processing of your personal data.

3.5 Fulfillment of contractual obligations
For the purpose of fulfilling our contractual and pre-contractual obligations, we process inventory data (e.g. names and addresses as well as contact data) and contract data (e.g. services used, names of contact persons, payment information).

The basis for the processing of your personal data is the fulfillment of a contract to which you are party or the implementation of pre-contractual measures.

If we store your personal data on the basis of a contractual relationship, this data will be stored at least as long as the contractual relationship exists and at most as long as the limitation periods for possible claims from us are active or statutory or while contractual retention obligations are in effect.

4 Registration on the dealer portal
Customers have the option to register on our dealer portal. Within the portal, it is possible to set up additional user accounts. In the input screen, the following personal data may be collected from dealers:

  • First and last name
  • Business e-mail address
  • Login details
  • Most recent login

The data entered during registration is transmitted to us and stored by us.

The portal contains up-to-date information on sales promotions, product news, advertising and other topics relating to STOBAG AG. It is used by dealers to order products and individual materials and to submit service reports.

The basis for the processing of personal data is our legitimate interest in the operation of the portal and optimization of our website. If the use of the portal is for the fulfillment of a contract, or the implemen-tation of pre-contractual measures, this is an additional basis for the processing of personal data.

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. This is the case for the data collected during the registration process
when the registration on our website is canceled or modified.

The customer has the option to cancel or alter the registration at any time. Furthermore, you can modify or delete your personal data at any time. Please send your objection to the following e-mail address: stobag.datenschutz@infosec.ch.

5 Sharing of personal data
We treat your personal data as confidential and only share it with others if you have expressly agreed to this, if we are obliged to do so by law or if this is necessary to exercise our rights, e.g. to assert claims arising from a contractual relationship. In addition, we will share your personal data with third parties if this is necessary for the use of the website or for any provision of the services requested by you or if a contract processing relationship exists. The use of the data shared for this purpose by third parties is strictly limited to the stated purposes.

We also share your personal data to third-party companies (e.g. commissioned service providers or sub-sidiaries) abroad, insofar as this is necessary for the data processing described in this privacy policy. Statutory regulations relating to the sharing of personal data with third parties are observed as a matter of course. If the level of data protection in a country in which the data is processed does not comply with the applicable data protection regulations, we are contractually obliged to ensure that the protection of your personal data is equivalent to that in Switzerland or the European Economic Area (EEA) at all times.

Where we use processors to provide our services, we take appropriate legal precautions as well as appropriate technical and organizational measures to ensure the protection of your personal data in accordance with the relevant legal provisions.

6 Storage duration
We process and store your personal data only as long as it is necessary for the fulfillment of our con-tractual and legal obligations or otherwise for the purposes pursued with the processing, and beyond that in accordance with statutory retention periods. As soon as your personal data is no longer required for the aforementioned purposes or a prescribed retention period expires, your personal data will be de-leted or anonymized as a matter of course and to the farthest extent possible.

In addition, we will delete your personal data if you request us to do so via sto-bag.datenschutz@infosec.ch and we have no legal or contractual obligation to retain or otherwise secure this data.

7 Cookies
We use cookies on our website on the basis of our legitimate interests. These are small text files that are stored on your device by your browser. When you visit a website, a cookie may be stored on your operating system. This cookie contains a string of characters that enables the browser to be uniquely identified when the website is accessed again.

The use of cookies allows us to tailor our website and our offers to your interests. Cookies enable us to recognize visitors. The purpose of this recognition is to make it easier for you to use our website.

Most of the cookies we use are session cookies. These are automatically deleted when you log out or close the browser. Other cookies persist beyond the end of the session and enable us or our partner companies (third-party cookies) to recognize your browser the next time you visit us.

Insofar as other cookies (e.g. cookies to analyze your browsing behavior) are stored, these are treated separately in this privacy policy.

Most internet browsers automatically accept cookies. If you do not want this, you can set your browser to notify you about cookies and to allow this only in individual cases, to exclude the acceptance of cookies for certain cases or generally. Furthermore, you can delete saved cookies at any time. The procedure for checking and deleting cookies depends on the browser you use. You can find information on this in your browser’s help menu.

8 Analytics tools
Our website uses the following web analytics services:

  • Google Analytics Universal
  • Google AdWords
  • Google Tag Manager
  • Google Maps

The details of the individual web analytics services can be found below.

8.1 Google Universal Analytics
We use Google Analytics, a web analytics service provided by Google LLC (1600 Amphitheatre Park-way, Mountain View, CA 94043, USA), or, if you are ordinarily resident in the European Economic Area (EEA) or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) (“Google”), based on our legitimate interests. Google uses cookies.

We use Google Analytics including Universal Analytics. Universal Analytics allows us to analyze activities on our pages across devices (e.g. when accessed via laptop and later via tablet). This makes it possible to associate data, sessions, and interactions across multiple devices to a pseudonymous user ID and thus allows us to analyze the activities of a user across devices.

The information generated by the cookie about your use of this website (including your IP address) is transferred to a Google server in the USA and stored there. Google is certified under the Privacy Shield framework and thus offers a guarantee to comply with EU data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI).

Google uses this information on our behalf to analyze your use of our website, to compile reports on website activity and to provide us with additional services related to website and internet usage. The IP address provided by your browser within the context of Google Analytics is not merged with other data from Google.

We only use Google Analytics with IP anonymization enabled. This means that the IP address of the user is shortened by Google within Switzerland or the EU/EEA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there.

You can prevent the collection and transmission of the data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin (http://tools.google.com/dlpage/gaoptout?hl=en). An opt-out cookie is set to prevent future collection of your data when you visit this website. However, in this case you may not be able to use all the features of this website to their full extent. To prevent Universal Analytics collecting data across multiple devices, you must opt-out on all devices in use. Further information about Universal Analytics can be found here: https://support.google.com/analytics/answer/2838718?hl=en&ref_topic=6010376.

You can find more information on the terms of use and data protection of Google Analytics at http://www.google.com/analytics/terms/de.html or https://policies.google.com/privacy.

8.2 Google Ads
Based on our legitimate interests we use the online advertising program "Google Ads", a service of Google, which is part of Google marketing services.

Google Ads saves a cookie on your device (known as a “conversion cookie”) if you have reached our website via a Google ad. These cookies lose their validity after 30 days, do not contain any personal data and therefore cannot be used for personal identification. If you visit certain pages on our website and the cookie has not expired, we and Google are notified that you have clicked on the ad and have been directed to that page. Each Google Ads customer receives a different cookie. Thus, there is no possibility of cookies being be tracked via the websites of Ads customers. The information collected using the conversion cookie is used to generate conversion statistics for Ads customers who have opted in to conversion tracking. We do not receive any information with which you can be personally identified.

The information collected by the cookie about your use of our website is usually transferred to a Google server in the USA and stored there. Based on the information collected, your browser will be assigned categories relevant to your interests. These categories are used for the purposes of interest-based advertising.

We use the data about you acquired with the above-mentioned cookie (so-called conversion tracking) for the following purposes:

  • Remarketing
  • Targeting specific audiences with common interests
  • Targeting user-defined audiences with common interests
  • Targeting users that are willing to buy
  • Similar audiences
  • Demographic and geographical focus

You also have the option to object to interest-based advertising by Google. To do this, go to http://www.google.com/settings/ads in each of the internet browsers you use and configure the desired settings there.

For more information on the terms of use and data protection in the context of Google AdWords, please follow this link: https://policies.google.com/technologies/ads?hl=en.

8.3 Google Tag Manager
We also use the Google Tag Manager to integrate and manage Google’s analytics and marketing services into our website. Google Tag Manager, a service from Google, is a solution that allows us to manage website tags through a single interface. The Tag Manager tool itself, which implements the tags, is a cookieless domain and does not collect any personal data. However, the tool will trigger other tags, which in turn may collect data. Google Tag Manager itself does not access this data. If this has been disabled at the domain or cookie level, it will persist for all tracking tags implemented with Google Tag Manager. For more information, please refer to the use policy for this service: https://www.google.com/intl/de/tagmanager/use-policy.html.

For more information about Google’s use of data for marketing purposes, please visit the overview page: https://policies.google.com/technologies/ads?hl=en. Google’s privacy policy is available at www.google.com/policies/privacy.

If you wish to opt out of interest-based advertising through Google marketing services, you may use the settings and opt-out options provided by Google: https://adssettings.google.com.

8.4 Google Maps
On the basis of our legitimate interests in the analysis, optimization and commercial operation of our website, we use Google Maps to display maps from Google. Google is certified under the Privacy Shield framework and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI).

This website features content from Google Maps. When you visit this website, data such as your IP address is transmitted to Google in the USA and stored there. Google processes this data in the form of user profiles for the purpose of tailoring services, advertising and market research. If you are signed into Google, this information is directly associated with your account. If you do not want this, you must unsubscribe first. By using this website, you consent to the collection, processing and use of the automatically collected data as well as the data you provide by Google, one of its representatives, or third parties. As the provider of the website, we have no knowledge of the content of the transmitted data or its use by Google. You can prevent the use of Google Maps by disabling JavaScript in your browser settings. However, this may sometimes result in functional impairment when using the website.

For further details on the processing of data by Google Maps, and your rights and settings options for the protection of your privacy, please refer to Google’s terms of use and data protection notices: www.google.com/intl/en_us/help/terms_maps/ and https://policies.google.com/privacy?hl=en

9 Your rights
You are basically entitled to the rights of information, rectification, erasure, restriction, data portability, objection and revocation of consent with regard to your personal data.

If you believe that the processing of your personal data violates data protection law or your data protection rights have otherwise been violated in any way, you can also complain to the supervisory authority.

If you have any questions regarding our privacy policy and for information regarding your rights under this privacy policy and how to exercise them, you can contact us using the contact details provided in section 1 of this privacy policy. Where necessary, we reserve the right to request your identification in a suitable manner for the processing of inquiries.

10 Data security
We take technical and organizational security measures to protect your personal data against tampering, loss, destruction or access by unauthorized persons and to ensure the protection of your rights and compliance with the applicable data protection regulations.

The measures taken are intended to ensure the confidentiality and integrity of your personal data and to guarantee the availability and resilience of our systems and services in the processing of your personal data in the long term. They are also intended to ensure the rapid restoration of the availability of your personal data and access to it in the event of a physical or technical incident.

Our data processing and security measures are continuously improved in line with technological developments.

11 Use of the website by minors
The website is aimed at an adult audience. Minors, especially children under 16 years of age, are prohibited from transmitting personal data to us or registering for a service without the consent or approval of their parents or legal guardians. If we discover that such data have been transmitted to us, it will be deleted. The child’s parents (or legal guardian) can contact us to request deletion or deregistration. For this we need a copy of an official document that identifies you as a parent or legal guardian.

12 Links to websites of other providers
Our website may contain links to websites of other providers to which this privacy policy does not apply. Once the link has been clicked, we no longer have any control over the processing of any data transferred to the third party when the link is clicked (such as the IP address or the URL where the link is located), as the behavior of third parties is naturally beyond our control. We can therefore not assume any responsibility for the processing of your personal data by third parties. If the use of other providers’ websites involves the collection, processing or use of your personal data, please note the data protection information of the respective providers.

13 Changes to the privacy policy
We expressly reserve the right to amend or modify this privacy policy at any time. All changes and additions are at the sole discretion of the company. The current version has been in effect since April 2020.