Data privacy declaration
1. GOALS AND RESPONSIBLE ENTITY
1.1 This privacy statement contains information about the type, scope, and purpose of processing of personal data within our online presence and the associated web sites, functions, and content (hereafter collectively called "online presence" or "web site"). The privacy statement is applicable regardless of the domains, systems, platforms, or devices (e.g. desktop or mobile) on which the online presence is visited.
1.2 Provider of the online presence and responsible entity in terms of data protection issues is Sturm Handels GmbH, Graf-Bentzel-Str. 85, 72108 Rottenburg, (hereafter called "provider", "we", or "us"). For contact information, please see our company details.
1.3 The term "user" refers to all customers and visitors of our online presence. The terms used to describe persons, e.g. "user", refer to both genders.
2. BASIC INFORMATION ABOUT DATA PROCESSING
2.1 We process personal data of our users only according to applicable data protection regulations. This means that user data are only processed with legal permission, i.e. in particular when processing of data is necessary or required by law in order to provide our contractual and online services (e.g. order handling), if we have the user's permission, or in order to preserve our justified interests (i.e. purposes of analysis, optimization, and efficient operation of our online presence), especially range analysis, collection of access data, and use of third party services.
2.2 Regarding the processing of personal data based on the GDPR (Datenschutzverordnung =DSGVO) to take effect on 25 May 2018, we point out that the legal basis for user consent is Art. 6 Par. 1 a and Art. 7 of the DSGVO; the legal basis for data processing for the purpose of providing our services and fulfilling contractual measures is Art. 6 Par. 1 b of the DSGVO; the legal basis for data processing for the purpose of fulfilling our legal obligations is Art. 6 Par. 1 c of the DSGVO; and the legal basis for preserving our justified interests is Art. 6 Par.1 f of the DSGVO.
2.3 We take organizational, contractual, and technological security measures according to the state of the art in order to ensure that the requirements of data protection regulations are met and to thereby protect the data we process against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons.
2.4 To the extent that content, tools, or other means by other providers (hereafter collectively called "third-party providers") are used in the context of this privacy statement), and these third-party providers are headquartered outside of Germany, it must be assumed that data are transferred to the home states of those third-party providers. Transfer of data to third countries takes place either based on legal permission, consent by the user, or special contract clauses that guarantee the legally prerequisite safety of the data.
3. PROCESSING OF PERSONAL DATA
3.1 Apart from the processing explicitly listed in this privacy statement, personal data is processed for the purpose of fulfilling our contractual obligations and implementation of pre-contractual measures, as well as fulfillment of legal obligations. These include the provision, implementation, maintenance, optimization, and securing of our user services.
3.2 We only transfer user data to third parties if it is necessary for billing purposes (e.g. to a payment services provider) or for other purposes if they are necessary to fulfill our contractual obligations toward our users (e.g. address information to suppliers).
3.3 When users contact us (via our contact form or e-mail), their information is stored for the purpose of handling the inquiry and in case of follow-up questions.
4. COLLECTION OF ACCESS DATA
4.1 Based in our justified interests, we collect data on every access to the server where this service is located (so-called server log files). Access data include the name of the accessed web site, file, date and time of the access, amount of data transferred, report of successful access, browser type and version, the user's operating system, referrer URL (site previously visited), IP-address, and the requesting provider.
4.2 We use the protocol data without associating it with the user's person or creating any other type of profile according to the legal regulations, and only for statistical analysis for the purpose of operation, safety, and optimization of our online presence. We do reserve the right, however, to check the protocol data at a later date if there is justified suspicion of unlawful usage based on concrete indications.
5. COOKIES & RANGE ANALYSIS
5.1 Cookies are information files that are transferred by our web servers or third-party web servers to the user's web browser and stored there for later retrieval. Cookies can be small files or other types of information storage. Users are informed in this privacy statement about the use of cookies as part of range analysis using pseudonyms.
5.2 If users do not want cookies to be stored on their computer, they are asked to please deactivate the appropriate option in their browser's system settings. Stored cookies can be deleted in the browser's system settings. Blocking cookies can lead to loss of functionality of this online presence.
6. NEWSLETTER
6.1 The following notes are to inform you of the content of our newsletter, as well as the registration, distribution, and statistical analysis processes and your rights of objection. By subscribing to our newsletter, you declare your consent to receiving it and to the described processes.
6.2 Content of the newsletter: We distribute newsletters, e-mails, and other electronic messages containing advertising information (hereafter "newsletter") only with the recipient's consent or with legal permission. If the content of the newsletter is described concretely during the subscription process, that content is relevant for the user's consent.
6.3 Double-Opt-In and logging: Registering for our newsletter is done with a so-called double opt-in process. That means, after registering you receive an e-mail asking you to confirm your registration. This confirmation is necessary so nobody can register with another person's e-mail address. The registrations for the newsletter are logged, in order to be able to track the registration process in accordance with legal requirements. This includes recording the time of the registration and the confirmation, as well as the IP address. Changes to your data stored with the distribution service provider are also logged.
6.4 Distribution service provider: Our newsletter is distributed by CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany (hereafter called "distribution service provider"). To view the distribution service provider's privacy statement, please visit: https://www.cleverreach.com/en/privacy-policy/.
6.5 The e-mail addresses of our newsletter recipients, as well as their further data as described in these notes are stored on the servers of the distribution service provider. The distribution service provider uses this information to send the newsletter and analyze it on our behalf. Furthermore, the distribution service provider can use these data to optimize or improve their own services, e.g. for technical optimization of the distribution process and display of the newsletter, or for commercial purposes in order to determine the home countries of the recipients. However, the distribution service provider does not use the data of our newsletter recipients to contact them directly, or provide the data to third parties.
6.6 Registration information: To register for our newsletter, please enter your e-mail address. We also ask that you enter your first and last name so we can personalize the newsletter.
6.7 Statistical surveying and analyses - The newsletters contain a so-called "web-beacon", i.e. a pixel-sized file that is queried by the distribution service provider's server when the newsletter is opened. This query initially collects technical information, such as information about your browser and your system, as well as your IP address and the time of the query. This information is used for the technical improvement of the service based on technical data, or improving the target groups and their reading behavior based on where they accessed the newsletter (which can be determined using the IP address) or when. The statistical data collection also includes determining whether the newsletters are being opened, when they are opened, and what links are being clicked. This information can be associated with individual newsletter recipients for technical reasons. However, it is not our intention, nor that of the distribution service provider, to watch individual users. The analyses merely serve to recognize our users' reading habits and adjust our content accordingly, or to distribute varying content depending on our users' interests.
6.8 The use of the distribution service provider, implementation of the statistical surveys and analyses, as well as logging of the registration process are based on our justified interests. Our interest is to operate a user-friendly and safe newsletter system that serves our business interests and meets our users' expectations.
6.9 Cancellation/Withdrawal - You can cancel your subscription to our newsletter, i.e. withdraw your consent at any time. This simultaneously cancels your consent to the newsletter's distribution by the service provider and the statistical analyses. Separate cancellation of the distribution by the service provider or the statistical analysis is not possible. You will find a link for unsubscribing at the end of each newsletter.
7. GOOGLE MAPS
This web site uses the map service Google Maps through an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
In order to use the functions of Google Maps, it is necessary to store your IP address. This information is generally transferred to a Google server in the USA and stored there. The provider of this web site has no influence on this data transfer.
We use Google Maps in order to present our online presence in an appealing manner and to assist users in finding the locations we list on the web site more easily. This constitutes justified interest as defined by Art. 6 Par. 1 f of the DSGVO.
For more information on the handling of user data, please refer to Google's privacy statement: https://www.google.de/intl/en/policies/privacy/.
8. INTEGRATION OF THIRD-PARTY SERVICES AND CONTENT
8.1 Based on our justified interests (i.e. interest in the analysis, optimization, and economical operation of or online presence), we use services or content by third-party providers within our online presence in order to integrate their content and services, such as videos or fonts (hereafter uniformly called "content"). This always presupposes that the third-party providers of this content can identify the user's IP address, as without the IP address they could not send the content to the user's browser. The IP address is thus necessary for displaying this content. We strive to use only content whose respective provider uses the IP address only to deliver the content. Third-party providers can use so-called pixel tags (invisible graphics, also called "web beacons") for statistical or marketing purposes. These "pixel-tags" make it possible to analyze information such as visitor traffic on this web site. The pseudonym information can also be stored on the users' devices in cookies and can, among other things, contain technical information on the browser and operating system, referring web sites, time of visit, and other information on the use of our online presence, which can be connected with such information from other sources.
8.2 The following illustration is an overview of third party providers and their content, as well as links to their privacy statements, which contain further information on data processing and, as already mentioned here, objection options (so-called opt-out): External fonts by Google Fonts (Google LLC): https://policies.google.com/terms?hl=en. Integration of the fonts is accomplished by a server access at Google Fonts in the USA. Associated privacy statement: https://policies.google.com/privacy?hl=en
9. USER RIGHTS AND DELETION OF DATA
9.1 Users have the right to request information free of charge about the personal data we have stored about them. Users also have the right to have false data corrected, to have their personal data blocked and deleted if applicable, to exert their right to data portability and, in case of suspicion of unlawful data processing, to submit a complaint to the relevant supervisory authority. Furthermore, users can always withdraw their consent with future effect.
9.2 The data we have stored are deleted as soon as they are no longer needed for their intended purpose and there are no legal retention obligations preventing the deletion.
10. RIGHT OF OBJECTION
Users can object to the future processing of their personal data according to the legal requirements at any time. The objection may be submitted in particular to the processing for purposes of direct advertising.
11. CHANGES TO THE PRIVACY STATEMENT
11.1 We reserve the right to change the privacy statement in order to adapt it to changed legal circumstances, and to changes of our service and data processing. However, this only applies with regard to declarations on data processing. Where user consent is required or parts of the privacy statement contain regulations regarding the contractual relationship with users, changes are only made with user agreement.
11.2 Users are asked to keep informed about the content of the privacy statement.
12. DATA PROTECTION OFFICER:
The data protection officer of Sturm-Handels-GmbH is at your service at:
dsb@sturm-miltec.de any time to answer questions or respond to requests.
13. RESPONSIBLE SUPERVISORY AUTHORITY
Baden-Württemberg
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg (State representative for data protection and freedom of information Baden-Württemberg)
PO Box 10 29 32, 70025 Stuttgart
Königstraße 10a, 70173 Stuttgart
Phone: 0711/61 55 41 - 0
Fax: 0711/61 55 41 - 15
E-mail: poststelle@lfdi.bwl.de
Internet: https://www.baden-wuerttemberg.datenschutz.de
14. NOTICE SYSTEM
14.1 Which of your data do we process?
The following data is processed as part of the whistleblower system: Details of the accused person (in particular surname, first name, title, contact details, position and employment details), details of the (alleged) breaches of conduct and the relevant facts. As the reporting procedure stipulates that reports can be made anonymously, no personal data is collected unless the whistleblower states otherwise. Otherwise, personal data such as the name of the reporting person, their contact details and, if applicable, the circumstances of their observation may be considered.
14.2 What are the purposes of data processing?
The purpose of data processing within the framework of the whistleblower system is to receive and clarify serious suspicions of breaches of regulations, in particular criminal offences in the area of white-collar crime and corruption.
14.3 What is the legal basis for data processing?
Personal data of the whistleblower is generally only processed with their consent (Art. 6 para. 1 lit. a GDPR). In other cases, the processing of personal data in the whistleblower system is carried out on the basis of Art. 6 para. 1 lit. f to safeguard the overriding legitimate interest of the controller. This legitimate interest lies in preventing and combating corruption and in processing serious suspected cases of other breaches of regulations and protecting the controller and its employees from potential damage. As reporting violations helps to avoid legal consequences such as criminal prosecution, claims for damages and immense damage to reputation, the legitimate interests of the data subjects in the exclusion of processing or use do not prevail.
14.4 How long will the data be stored?
Personal data is stored for the period necessary to clarify and conclusively assess the report. Once the investigation has been completed, the personal data will be deleted in accordance with legal requirements. In the event that judicial and/or disciplinary proceedings are initiated, the data may be stored until the conclusion of the proceedings or until the expiry of the time limits for legal remedies. Personal data in connection with unfounded reports will be deleted immediately.
14.5 To which recipients will the data be forwarded
The controller ensures that personal data is only accessible to a limited number of authorised persons who need to know this data in order to provide the above-mentioned processing purposes.
If necessary to clarify the facts of the case, personal data may be forwarded to individual, carefully selected persons of the controller to the extent necessary. Every person who receives access to the data is obliged to maintain confidentiality.
Your personal data will not be passed on or otherwise transferred to third parties unless this is necessary for the purposes of criminal prosecution. Personal data may be disclosed to third parties if this is required by law or orders issued by government bodies.
14.6 Where is the data processed?
Your personal data is processed by us exclusively in data centres in the Federal Republic of Germany.
The controller uses technical and organisational measures to protect the personal data to be managed by using the whistleblowing system from unauthorised access, disclosure, misuse, manipulation, loss and destruction during its collection, processing and use. The service providers used by the controller are obliged to the same extent.
14.7 Where can you lodge a complaint?
You have the option of lodging a complaint with the data protection officer named above or with a data protection supervisory authority. The data protection supervisory authority responsible for us is
The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
P.O. Box 10 29 32, 70025 Stuttgart
Lautenschlagerstraße 20, 70173 Stuttgart
Tel.: 0711/61 55 41 - 0 Fa: 0711/61 55 41 - 15
E-mail: poststelle@lfdi.bwl.de
Internet: www.baden-wuerttemberg.datenschutz.de
15. REPORTING OPTIONS IN THE WHISTLEBLOWER SYSTEM
15.1 Anonymous reporting option
To ensure that the whistleblowing system cannot be traced, you will not find a clickable link to the page here, but only the Internet address.
Please copy this link:
into the address bar of your private browser. You will be connected directly to the Sturm Handels GmbH whistleblower portal.
Or, Copy the following link wbs.sycobase.app into your private browser and use one of the following search terms to find our company:
Sturm, Sturm Handels GmbH
15.2 Further reporting options
Take a photo of the QR code with your smartphone to go directly to our whistleblower portal.
On the homepage of the portal you will find information on how to handle reports.
In the whistleblower portal itself, you can decide at the beginning whether you would like to submit an anonymous or named report.
Status: 19.12.2023
