Data Protection Notice
DATA PROTECTION NOTICE
This data protection information applies to data processing on the www.stetson-europe.com website and all associated sub-domains, and is carried out by the following responsible entity:
Friedrich W. Schneider GmbH & Co. KG
Oskar-Schindler-Str. 11
50769 Cologne
Germany
tel.: +49 221/963558-0
email: [email protected]
The external data protection officer of the Friedrich W. Schneider GmbH & Co. KG is available to you under the following contact details:
Markus Weber
dokuworks GmbH
Essener Str. 1
57234 Wilnsdorf
Definitions
We use the following terms, among others, in this Privacy Policy:
Personal Data
Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data subject
Data subject means any identified or identifiable natural person whose personal data are processed by the controller.
Processing
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.
Profiling
Profiling is any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person’s job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.
Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
Controller or person responsible for processing
The controller or data processor is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.
Processor
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient
Recipient means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law are not considered recipients.
Third Party
Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.
Consent
Consent shall mean any freely given indication of the data subject’s wishes for the specific case in an informed and unambiguous manner, in the form of a statement or any other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.
Collection and Storage of Personal Data as well as the Type and Purpose of their Use
When visiting the website
When you visit our website www.stetson-europe.com, the browser on your device automatically sends information to the server on our website. This information is temporarily stored in a so-called log file. The following information is recorded without any action on your part and stored until it is automatically deleted, usually after one week:
- IP address of the requesting computer,
• Date and time of access,
• Name and URL of the data being called up,
• Website from which access is being made (referrer URL),
• Browser used and, if applicable, the operating system of your computer and the name of your access provider.
The data mentioned is processed by us for the following purposes:
- Ensuring a smooth connection to the website,
• Ensuring comfortable use of our website,
• Evaluation of system security and stability,
• Clarification of any abusive page accesses (DoS/DDoS attacks or the like) and
• for further administrative purposes.
The legal basis for data processing is Art. 6 (1) (1) (f) General Data Protection Regulation [GDPR]. Our legitimate interest results from the data collection purposes listed above. As a rule, we do not use the collected data to draw conclusions about you personally. We reserve the right to do this should it become necessary in order to clear up abusive page access.
In addition, we use cookies and analysis services when you visit our website (see Cookies and Analysis Tools)
When registering for our newsletter
If, according to Art. 6 (1) (1) (a) GDPR, you have expressly consented, we will use your email address to regularly send you our newsletter. To receive the newsletter, it is sufficient to provide an email address.
You can also voluntarily provide us with your title, last name and first name (Art. 6 (1) (a) GDPR). If necessary, we will process this additional data based on the consent you gave to personalize our newsletter for you, i.e., to address you personally as the recipient.
The registration for our newsletter takes place in a so-called double opt-in procedure, i.e., after registration you will receive an email in which you will be asked to confirm your registration. The subsequent confirmation is recorded by us for verification purposes; the time of registration and confirmation will be saved along with your email address.
Our newsletter is sent via “mailingwork”, a platform of mailingwork GmbH, Birkenweg 7, 09569 Oederan.
You can unsubscribe from the newsletter at any time, for example via a link at the end of each newsletter.
You can also send the revocation of your consent to the use of your salutation as well as your last name and first name, or also as a request to unsubscribe from the newsletter, to [email protected] by email at any time.
If you unsubscribe from the newsletter, the data you shared with us beyond your email address will also be deleted from the distribution list.
When using our contact form
If you have any questions, we offer you the opportunity to contact us using a form provided on the website. You will need to provide a valid email address so that we know who sent the request and can then respond to it. Further information can be provided voluntarily.
The data processing for the purpose of contacting us takes place in accordance with Art. 6 (1) (1) (a) GDPR on the basis of your voluntarily given consent.
The personal data collected by us for the use of the contact form will be automatically deleted after your inquiry has been handled.
Online job application and publication of job advertisements
We offer you the opportunity to apply for a job via our website. For these digital applications, your applicant and application data will be collected and processed electronically by us for the purpose of handling the application process.
The legal basis for this processing is Section 26 (1) sentence 1 BDSG in conjunction with. Art. 88 para. 1 DSGVO.
If an employment contract is concluded after the application process, we will store the data you provided during the application in your personnel file for the purpose of the usual organizational and administrative process – this, of course, in compliance with the more extensive legal obligations.
The legal basis for this processing is also Section 26 (1) sentence 1 BDSG in conjunction with. Art. 88 para. 1 DSGVO.
If an application is rejected, we automatically delete the data provided to us two months after notification of the rejection. However, the deletion does not take place if the data requires longer storage of up to four months or until the conclusion of legal proceedings due to legal provisions, e.g. due to the obligation to provide evidence according to the AGG.
In this case, the legal basis is Art. 6 Para. 1 lit. f) DSGVO and § 24 Para. 1 No. 2 BDSG. Our legitimate interest lies in the legal defense or enforcement.
If you expressly consent to a longer storage of your data, e.g. for your inclusion in a database of applicants or interested parties, the data will be further processed based on your consent. The legal basis is then Art. 6 para. 1 lit. a) DSGVO. However, you can of course revoke your consent at any time in accordance with Art. 7 (3) DSGVO by declaration to us with effect for the future.
Data protection notice for business partners
We are pleased that you are interested in Friedrich W. Schneider GmbH Co. KG and that you are contacting us.
The protection of your data is very important to us. With the data protection notice, we provide you with the following information in accordance with Art. 13 DSGVO on the processing of your personal data in connection with our business relationship.
Further information about our company, details of the persons authorized to represent us and further contact options can be found at https://stetson-europe.com/imprint-privacy-policy/.
What data do we process and for what purposes?
We only process personal data that we have received from you or, if applicable, from publicly accessible sources in the course of our business relationship.
Personal data in the sense of Art. 4 No. 1 DSGVO can be: Names, telecommunication data and address data. In addition, we also process offer, inquiry and order data, data from the fulfillment of our contractual obligations, product data, documentation data, as well as other data comparable with the aforementioned categories.
The provision of your personal data is necessary for the initiation, implementation and processing of the contractual relationship. If it is not provided, it is unfortunately not possible for us to contact you to clarify the pre-contractual or contractual issues.
On what legal basis is the processing of your personal data based?
Your personal data is processed in accordance with the legal provisions of the DSGVO and the Federal Data Protection Act for the fulfillment of contractual obligations or for measures to initiate a contract (Art. 6 para. 1 p. 1 lit. b DSGVO),
Furthermore, we may use this data for additional purposes within the scope of our business relationship.
How long is the data stored?
We process and store your personal data for the duration of our business relationship and at least in accordance with the statutory retention periods such as the German Commercial Code or the German Fiscal Code.
To whom is the data passed on and where is it processed?
We use the personal data only for our own purposes in the course of the business relationship.
We would like to point out that we generally assume that our e-mail correspondence is business-related and therefore forward e-mails to your representatives in the absence of employees for better service.
Data Transfer
No transfer of your personal data to third parties for purposes other than those listed below shall take place. We will only pass on your personal data to third parties if:
- according to Art. 6 (1) (1) (a) GDPR, you have given express consent to this,
• the transfer according to Art. 6 (1) (1) (f) GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
• in the event that there is a legal obligation for the transfer under to Art. 6 (1) (1) (c) GDPR, and
• this is legally permissible and according to Art. 6 (1) (1) (b) GDPR is required for the processing of contractual relationships with you.
Cookies
We use cookies on our website. These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. Information is stored in the cookie that results in relation to the specific device used. However, this does not mean that we are directly aware of your identity. The use of cookies serves on the one hand to make the use of our offer more pleasant for you. We use so-called session cookies to recognize that you have already visited individual pages on our website. These are automatically deleted after leaving our site.
In addition, to optimize user-friendliness, we also use temporary cookies which are stored on your terminal device for a specified period of time.
When you visit our site again to use our services, it is automatically recognized that you have already visited us and what entries and settings you have made so that you do not have to enter them again.
On the other hand, we use cookies to statistically record the use of our website and to evaluate it for you so that we can optimize our offer (see Analysis Tools). These cookies enable us to automatically recognize that you have already visited us when you return to our site again. These cookies are automatically deleted after a defined period of time.
We only use cookies if you have given us your consent, Art. 6 (1) (a) GDPR. In this case we process the data collected via these for the purposes mentioned above.
You can configure your browser so that no cookies are stored on your computer or so that a message always appears before a new cookie is created. However, if you completely deactivate cookies, you may not be able to use all the functions of our website.
Analysis Tools
Tracking tools
The tracking measures listed below and used by us will only be carried out after you have given your consent on the basis of Art. 6 (1) (1) (a) GDPR. With the tracking measures that are then used, we want to ensure a demand-based design and continuous optimization of our website. On the other hand, we use tracking measures to statistically record the use of our website and to evaluate our offer for you so that we can optimize it. The respective data processing purposes and data categories can be found in the information texts for the corresponding tracking tools.
- i) Google Analytics
We use Google Analytics, a web analysis service from Google Ireland Limited (https://www.google.de/
intl/de/about/) (Gordon House, Barrow Street, Dublin 4, Ireland; hereinafter “Google”). On the other hand, we use tracking measures to statistically record the use of our website and to evaluate our offer for you so that we can optimize it. We carry out this processing exclusively based on the consent you gave us previously (see above under Cookies)
Google Analytics creates pseudonymized usage profiles for us. The information generated by the Google Analytics cookie about your use of this website such as
- Browser type/version,
• Operating system used,
• Referrer URL (the previously visited page),
• Host name of the accessing computer (IP address),
• Time of the server request,
are transmitted to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage for the purposes of market research and demand-based design of this website. This information may also be transferred to third parties if it is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymized so that an assignment is not possible (IP masking).
You can prevent the installation of cookies at any time by setting the browser software accordingly, even after you have given your consent; however, we would like to point out that in this case not all functions of this website can be used to their full extent.
You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this link (https://support.google.com/analytics/answer/6004245?hl=de). An opt-out cookie will be placed which prevents the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you will have to set the opt-out cookie again.
Further information on data protection in connection with Google Analytics can be found in the Google Analytics Help Center (https://support.google.com/analytics/answer/6004245?hl=de).
For more information on the transfer of data to third parties, see Data transfer to the USA.
Social Media Plug-ins
On the basis of Art. 6 (1) (1) (f) GDPR, on this website we use social plug-ins from the Facebook, Google+, Pinterest, YouTube, Vimeo and Instagram social networks in order to make us better known via these social networks. The underlying advertising purpose corresponds to our legitimate interest, Art. 6 (1) (f) GDPR. Responsibility for the data-protection-compliant operation of the social networks must be guaranteed by their respective providers.
These plug-ins are integrated using the so-called two-click method in order to protect users in the best way possible [A6]. This means that when a user visits our site, no personal data is initially transmitted to the plug-in provider. Users can identify the provider of the plug-in by marking the box above its initial letter or the respective logo (e.g. for Facebook: a white “f” on a blue tile or a “thumbs up” symbol). We give users the option of using the button to communicate directly with the provider of the plug-in. The plug-in provider will receive the information that a user has accessed the corresponding website of our online offer only when a user clicks on the highlighted field which activates it. In addition, personal data (in particular the IP address) is then transmitted to the provider of the respective plug-in. Some providers make the IP address anonymous as soon as it is collected. By activating the plug-in, the user’s personal data may be transmitted to the respective plug-in provider and stored there (in the USA for US providers). Since the plug-in provider collects data in particular via cookies, we recommend that users delete all cookies via the security settings of their browser before clicking on the grayed-out box.
We have no influence on the data collected and the data processing operations, nor are we aware of the full scope of data collection, the purposes of processing or the storage periods at the plug-in providers. We also have no information on the deletion of the data collected by the plug-in provider.
The respective plug-in provider stores the data collected about users of our online offer as usage profiles and uses them for the purposes of advertising, market research and/or the demand-based design of their own website. Such an evaluation is carried out in particular (even for users who are not logged in) to display demand-based advertising and to inform other users of the social network about the activities of users on our website. Users have the right to object to the creation of these user profiles, wherein a user has to contact the respective plug-in provider directly to exercise this right. Regardless of this, we offer users the opportunity to interact with social networks and other users via the plug-ins, so that we can improve our offer and make it more interesting for our users.
The data is passed on regardless of whether users have an account with the plug-in provider and are logged in there. If users are logged in with the plug-in provider, the data we collect will be associated directly with their existing accounts with the plug-in provider. If a user presses the activated button and, for example, links the page, the plug-in provider also saves this information in the relevant user account and shares it publicly with the user’s contacts. We therefore recommend logging out regularly after using a social network, but especially before activating the button, as this can avoid an assignment to the profile of the plug-in provider.
Further information on the purpose and scope of data collection and its processing by the plug-in providers can be found in the privacy policies of these providers, which are provided below. There you will also find further information on the rights of users and the options for privacy protect settings within these networks.
- a) Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applicationsand a class=”a-imprint”href=”http://www.facebook.com/about/privacy/your-info#everyoneinfo”>http://www.facebook.com/about/privacy/your-info#everyoneinfo. For more information on the transfer of data to third parties, see Data transfer to the USA.
b) Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; https://www.google.com/policies/privacy/partners/?hl=de. For more information on the transfer of data to third parties, see Data transfer to the USA.
c) Pinterest Inc., 651 Brannan Street, San Francisco, CA 94103, USA;
https://policy.pinterest.com/de/privacy-policy
d) Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA;
https://help.instagram.com/155833707900388.
e) Vimeo, Inc., 555 West 18th Street, New York, New York 10011; https://vimeo.com/privacy
Integration of YouTube Videos
We have integrated YouTube videos into our online offer; these are stored on http://www.YouTube.com and can be played directly from our website. YouTube is another service of Google. YouTube videos are all integrated in the “extended data protection mode”, which means that no user data is transmitted to YouTube if the user does not play the videos. Only when a user plays the videos, the following data will be transmitted. We have no influence on this data transfer.
The legal basis is your consent pursuant to Art. 6 para. 1 lit. a) DSGVO to the processing of your personal data.
When a video is played during a visit to the website, YouTube receives the information that the user has accessed the corresponding subpage of our online offer. In addition, further information about the use of this online offer (including the user’s IP address) is transmitted to a YouTube server in the USA and stored there. This happens regardless of whether YouTube provides a user account that the user is logged in to or if there is no user account. If the user is logged in to YouTube, their data will be associated directly with their account. If a user does not wish to be associated with his or her profile on YouTube, he or she must log out before activating the button. YouTube stores data as usage profiles and uses them for advertising, market research and/or the demand-based design of its website. Such an evaluation takes place in particular (even for users who are not logged in) to provide demand-based advertising and to inform other users of the social network about the user’s activities on our online offer. The user has the right to object to the creation of these user profiles, whereby he or she must address YouTube with the request to exercise this right.
Further information on the purpose and scope of data collection and its processing by YouTube is included in the privacy policy, as well as further information on rights and options for settings to protect privacy: https://www.google.de/intl/de/policies/privacy.
For more information on the transfer of data to third parties, see Data transfer to the USA.
Google Maps
On our website, we use Google Maps to display our location and to create directions. This is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google”.
To enable the display of certain fonts on our website, a connection to the Google server in the USA is established when you access our website.
If you call up the Google Maps component integrated into our website, Google stores a cookie on your terminal device via your Internet browser. In order to display our location and create directions, your user settings and data are processed. Here, we cannot exclude that Google uses servers in the USA.
The legal basis is your consent pursuant to Art. 6 para. 1 lit. a) DSGVO.
Through the connection to Google established in this way, Google can determine from which website your request was sent and to which IP address the directions are to be transmitted.
If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your Internet browser. Details on this can be found above under the item “Cookies”.
In addition, the use of Google Maps and the information obtained via Google Maps is subject to the Google Terms of Use https://policies.google.com/terms?gl=DE&hl=de and the Terms and Conditions for GoogleMaps https://www.google.com/intl/de_de/help/terms_maps.html.
In addition, Google offers further information at https://adssettings.google.com/authenticated and https://policies.google.com/privacy.
Data transfer to the USA
In its ruling in 2020, the European Court of Justice (ECJ) declared the so-called EU-US Privacy Shield agreement invalid. This was previously considered the legal basis for data transfer to the USA. The General Data Protection Regulation (GDPR) requires that a sufficient level of data protection is guaranteed in a third country for the transfer of personal data to that country. According to the ECJ ruling, this is not the case in the USA, as the US authorities have access to electronic data. In addition, there are hardly any legal protection options for data subjects, so it is not possible to enforce rights against surveillance measures in court. Only an ombudsman procedure is available, but this does not meet the legal standards in the EU.
To ensure a level of security that corresponds to that of the GDPR, we conclude so-called standard contractual clauses with service providers. In addition, a transfer of personal data is possible insofar as the data subject has given his or her express consent to the processing pursuant to Art. 49 (1) p. 1 lit. a DSGVO and has been informed in advance about the associated risks. Therefore, explicit reference is hereby made once again to the legal risks mentioned above.
Affected Rights
You have the right:
* to access information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can access information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data, if we have not collected it, as well as the existence of automated decision-making including profiling and, if necessary, meaningful information on the details of these;
We may only refuse to provide you with access if and to the extent that the access reveals information that, according to a legal provision or by its nature, in particular because of the overriding legitimate interests of a third party, must be kept confidential (Section 29 (1) (2) of the Federal Data Protection Act [BDSG]), the responsible public authority has determined for us that the disclosure of the data would endanger public safety or order, or otherwise be detrimental to the well-being of the federal government or a state (Section 34 (1) (1) BDSG in conjunction with Section 33 (1) (2) (b) BDSG), or the data are only stored because they may not be deleted due to legal or statutory retention requirements, or are used exclusively for data backup or data protection purposes and the provision of access to the information would require a disproportionate effort, and processing for other purposes is excluded through suitable technical and organizational measures (Section 34 (1) (2) BDSG).
* in accordance with Art. 16 GDPR, to immediately request the rectification of incorrect or incomplete personal data stored by us;
* to request the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest, or for the assertion, exercise or defense of legal claims;
* to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse its deletion and we no longer need the data, but you do need them for the assertion, exercise or defense of legal claims, or you have objected to processing in accordance with Art. 21 GDPR;
* in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transmitted to another responsible entity;
* to revoke your consent given to us at any time in accordance with Art. 7 (3) GDPR. As a result, we are no longer allowed to continue the data processing based on this consent in the future,
* if your personal data is being processed based on legitimate interests in accordance with Art. 6 (1) (1) (f) GDPR, to object to the processing of your personal data in accordance with Art. 21 GDPR, provided there are reasons for this that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection which we will implement without specifying a particular situation.
In addition, you have a general right to complain to the data protection supervisory authority with jurisdiction over you. The authority with jurisdiction over us is the “State Commissioner for Data Protection of North Rhine-Westphalia”.
If you would like to exercise your right of revocation or objection, an email to [email protected] is sufficient.
Data Security
During your visit to our website, we use the popular SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is transmitted in encrypted form, based on whether the closed padlock symbol in the lower status bar of your browser is displayed.
We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
Updates and changes to this Privacy Policy
This Privacy Policy is currently valid and is dated July 2022. Due to the ongoing development of our website and the offers conveyed therein, or changes in legal or regulatory requirements, it may be necessary to modify this Privacy Policy. You can access and print out the current Privacy Policy on the website at https://stetson-europe.com/imprint-privacy-policy/ at any time.
Contact Details
Friedrich W. Schneider GmbH & Co. KG
Oskar-Schindler-Strasse 11
D-50769 Cologne
Phone +49 221-963558-0
[email protected]
www.stetson-europe.com
Commercial Register no. HRA 1022 Cologne | VAT ID (Sales Tax) no. DE122906259
represented by its General Partner:
Friedrich W. Schneider Verwaltungs GmbH
Commercial Register no. HRB 2625 Cologne, Oskar-Schindler-Strasse 11, D – 50769 Cologne,
which is, in turn, represented by the Managing Directors: Sebastian Boekholt
© 2021 Friedrich W. Schneider GmbH & Co. KG | The photographs are protected under Section 72 of the Copyright Act.
Contact details of the external Data Protection Officer:
Markus Weber
dokuworks GmbH
Birlenbacher Str. 20
57078 Siegen
[email protected]
Web Design and Programming:
Luum GmbH, Bült 13a, 48143 Münster
[email protected], www.luum.ms