Please select language

Sto data protection notice

A. Data controller

The data controller responsible for the personal data processed on this website in accordance with the provisions of the General Data Protection Regulation (GDPR) is:

Sto SE & Co. KGaA

Ehrenbachstr. 1

D-79780 Stühlingen

Tel.: +49 77 44 57-0

Web: https://www.sto.de

E-mail: infoservice@sto.com

Our data protection officer:

infoservice@sto.com

This privacy statement explains how we process your personal data (hereinafter referred to as “data”).

B. Data processing

We process personal data as part of the operation of our website. Data processing also includes disclosure by transmission.

The EU-US Privacy Shield framework agreed by the EU Commission makes provision for the protection of data transferred to the USA. In the framework agreement, the Commission certifies that the guarantees for data transfer to the USA based on the EU-US Privacy Shield meet the same data protection standards as in the EU. Insofar as we transfer data to the USA, we have identified that our service providers participate in the EU-US Privacy Shield.

The specific items of data affected, purposes of processing, legal bases, recipients, and transfers to non-member countries are listed below:

a) Log file

We log your visits to our website. In so doing we process the following data: the name of the web page you visited, the date and time you visited the page, the amount of data transferred, the browser type and version, the operating system you used, the referrer URL (the previous website you visited), your IP address, and the requesting provider. This is necessary in order to keep our website secure. We process the aforementioned data on the basis of our legitimate interests in accordance with Article 6, Paragraph 1 (f) of the GDPR. The log file is deleted after a period of seven days unless it is required to verify actual legal infringements that become known during this period.

b) Hosting

In the context of hosting, all data processed in association with the operation of this website is saved. This is necessary in order for our website to operate. We process the aforementioned data on the basis of our legitimate interests in accordance with Article 6, Paragraph 1 (f) of the GDPR. To maintain our online presence, we use the services of web hosting providers, to whom we transfer the aforementioned data.

c) Establishing contact

If you establish contact with us, your data (name, contact details, if you provide them) and your message will be processed exclusively for the purposes of dealing with your request. We process this data on the basis of Article 6, Paragraph 1 (b) of the GDPR or Article 6, Paragraph 1 (f) of the GDPR in order to deal with your request.

d) Newsletter

We offer you the option of receiving a newsletter so that we can share with you regular information about our company and our offers. If you subscribe to our newsletter, we will process the data you provide when doing so (e-mail address and other information shared voluntarily).

The sending of the newsletter via subscription is based on your consent in accordance with Article 6, Paragraph 1 (a) of the GDPR.

Subscription to the newsletter is based on what is known as the double opt-in method. To prevent abuse, once you have subscribed, we will send you an e-mail asking you to confirm your subscription. Your subscription is logged so that we can verify that the subscription process complies with the legal requirements. The log entry records the time and date you initially subscribed and the time and date you confirmed your subscription, along with your IP address.

e) Website analysis and marketing

We use cookies in order to enable the use of certain functions. Cookies are small data packages stored on your device which are exchanged with other providers. Some of the cookies we use are deleted immediately after you close your browser (these are known as session cookies). Other cookies remain on your device, enabling your browser to be recognised the next time you visit our website (persistent cookies).

You can delete all cookies stored on your device and configure the commonly available browsers to prevent cookies from being saved.

If you choose to do this, you might have to make some settings again every time you visit this website; this may impair the operation of some of its functions.

We use cookies in conjunction with the following functionalities:

Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google Analytics uses what are known as cookies, or text files, that are stored on your computer and allow for your use of the website to be analysed. The information regarding your use of this website generated by the cookie is generally transferred to and stored on a server in the USA by Google. In case of anonymous IP activation on this website, however, Google will shorten your IP address beforehand within member states of the European Union or in other countries which are parties to the European Economic Area agreement. Only under exceptional circumstances will the complete IP address be transferred to a Google server in the USA and shortened there. The IP address transferred via your browser by Google Analytics will not be associated with any other data held by Google. Google will use this information to analyse your use of the website, to compile reports on website activity, and to provide further services associated with use of the website and the Internet for the website operator. These purposes also provide our legitimate interest in processing data. The legal basis for the use of Google Analytics is Article 6, Paragraph 1 (f) of the GDPR. Data sent by us and linked to cookies, user IDs, or advertising IDs will be automatically deleted after 14 months. Any data that needs to be deleted because the end of the retention period has been reached is deleted automatically once a month. More information about terms of use and data protection is available at:

https://www.google.com/analytics/terms/de.html

or at:

https://policies.google.com/?hl=de

You can prevent the storage of cookies by configuring your browser software accordingly. However, please note that this may mean that you are unable to use all the functions of this website to the full extent. You can also prevent Google from collecting or processing the data generated by cookies and relating to your use of the website (incl. your IP address) by downloading and installing the browser plug-in available via the following link:

https://tools.google.com/dlpage/gaoptout?hl=de

You can find out more by reading the privacy policy of the provider of the Google Analytics service:

https://support.google.com/analytics/answer/6004245?hl=de


f) Integration of external content

We use external dynamic content to optimise the appearance and content of our website. When you visit our website, a request is sent automatically to the corresponding content provider's server via API. Certain log data (e.g. the user's IP address) is transferred in this request. The dynamic content is then transferred to our website, where it is displayed.

We use external content in conjunction with the following functionalities:

aa) Integration of YouTube videos

We have integrated videos from the YouTube portal operated by YouTube LLC, 901 Cherry Ave. San Bruno, CA 94066, USA (“YouTube”) into our website. When videos are played back, log data is transferred to YouTube's servers in the USA. This data is processed on the basis of our overriding legitimate interests in optimising the marketing of our content in accordance with Article 6, Paragraph 1 (f) of the GDPR.

YouTube is certified under: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

More information is available at: https://policies.google.com/privacy?hl=de&gl=de

bb) Google Maps

We use Google's “Google Maps” to provide you with an interactive map. When the map is displayed, data including your IP address and location is transferred to Google's servers in the USA and stored there. This data is processed on the basis of our overriding legitimate interests in optimising the marketing of our content in accordance with Article 6, Paragraph 1 (f) of the GDPR.

Google is certified under:

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

More information about data protection is available at: https://policies.google.com/privacy?hl=de&gl=de

g) Social plug-ins

We use third-party providers' plug-ins on our websites. They enable you to let your contacts know that you like our online content, post links to content, and share content. The plug-ins are identified by the logo of the corresponding third-party provider.

When you visit our site, your data is transferred to that third-party provider.

If you are also a user registered with a third-party provider, this data can be assigned to the user account you hold with the provider.

This data may also be transferred to the third-party provider even if you are not registered as a user with that third-party provider and do not click the plug-in on our web pages.

However, if data is transferred and you are not logged in as a user with the third-party provider at the same time, it is not instantly possible to make a direct personal link to you on the basis of the IP address, for example. This would require the provision of information from your provider.

The purpose and scope of data processing by the third-party provider will be outlined in the provider's privacy policy.

This data is processed on the basis of our overriding legitimate interests in optimising the marketing of our online content in accordance with Article 6, Paragraph 1 (f) of the GDPR.

Plug-ins from the following providers are used on our website:

• Facebook plug-in, Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

Certified under: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

More information is available at: https://www.facebook.com/privacy/explanation

• Twitter plug-in, Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland.

Certified under: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active

More information is available at: https://twitter.com/de/privacy

• Google+ plug-in, Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Certified under: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

More information is available at: https://policies.google.com/privacy?hl=de&gl=de

• YouTube plug-in, Google Inc., headquartered in San Bruno, California, USA

Certified under: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

More information is available at: https://policies.google.com/privacy?hl=de&gl=de

• Xing plug-in, XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.

More information is available at: https://www.xing.com/privacy

• LinkedIN plug-in, LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale CA 94085 USA

More information is available at: https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy

Certified under:

https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active

• AddThis plug-in, Oracle America Inc., 500 Oracle Parkway, Redwood Shores, CA 94065, USA.

More information is available at: http://www.addthis.com/privacy/privacy-policy

Certified under:

https://www.privacyshield.gov/participant?id=a2zt00000000181AAA&status=Active

C. Data retention period

We save personal data only for as long as is necessary for the purposes for which it is being processed or until you withdraw your consent. Insofar as statutory retention requirements need to be complied with, the retention period for certain data can be up to 10 years, regardless of the purposes for which the data is being processed.

D. Your rights as a data subject

a) Information and access

You can request information free of charge at any time about all personal data we are holding for you.

b) Rectification, erasure, restriction of processing (blocking), objection

If you no longer agree to your personal data being stored or if your personal data is no longer correct, on receipt of a corresponding instruction from you, we will have your data deleted or blocked or make the necessary corrections (insofar as this is possible under applicable law). The same applies if we are to restrict the processing of your data in the future.

c) Data portability

On request we will provide your data to you in a commonly used, structured, and machine-readable format so that you can transfer this data to another controller should you wish to do so.

d) Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority:

(https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html).

e) Right to withdraw consent with effect for the future

You can withdraw consent with effect for the future at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

f) Restrictions

The above rights do not apply to data where we are not able to identify the data subject (if the data has been anonymised for analysis purposes, for example). It may be possible for you to exercise your right to access/be informed, right to erasure, right to block, right to rectification, or right to transfer to another organisation in relation to this data if you provide us with additional information that will enable us to identify you.

g) Exercising your rights as a data subject

If you have any questions about the processing of your personal data or if you wish to exercise your right to access/be informed, right to rectification, right to block, right to object, or right to erasure, or should you wish to submit a request for your data to be transferred to another organisation, please contact infoservice@sto.com.

RIGHT OFFCANVAS AREA