Privacy Statement

Privacy Statement

I. Name and address of the entity responsible

The entity responsible within the meaning of the Basic Data Protection Regulation and other national data protection laws of the member states as well as other provisions of data protection law is the:

Sturm Holding GmbH
Industriestraße 10
94330 Salching
Germany

Telephone: +49 9421 5520 – 0

E-mail: info@sturm-gruppe.com
Website: www.sturm-gruppe.de

II. Name and address of the data protection supervisor

The data protection supervisor of the entity responsible is:

Ernst Buchner
Buchner Systemtec
Innere Passauer Str. 2
94315 Straubing
Germany

E-mail: datenschutz@buchner-systemtec.de
Website: www.buchner-systemtec.de

III. General Information on Data Processing

1. Scope of Processing Personal Data

We shall only process the personal data of our users where this is necessary to enable our website and content and services to operate. We only process the personal data of our users on a regular basis with the consent of the user. An exception shall apply in cases where prior consent cannot be obtained for practical reasons and processing the data is permitted by law.

2. Legal Basis for Processing Personal Data

If we obtain consent for processing personal data from the data subject, Art. 6 Para. 1 lit. a EU General Data Protection Regulation (GDPR) shall apply as the legal basis.

When processing the personal data necessary for performing a contract to which the data subject is a party, Art. 6 (1) lit.b GDPR shall apply as the legal basis. This also applies to processing operations required to carry out pre-contractual measures.

Where the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit.c GDPR shall apply as legal basis.

In the event that the vital interests of the data subject or any other natural person require the processing of personal data, Art. 6 para lit.d GDPR shall apply as the legal basis.

If processing the data is necessary to safeguard the legitimate interests of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the previously mentioned interest, Art. 6 para lit.f GDPR shall apply as legal basis for processing.

3. Data Deletion and Storage Duration

The personal data of the data subject shall be deleted or blocked as soon as the purpose of the storage ceases to apply.

The data may be stored beyond this time if there is provision for this according to the European or national legislator in EU regulations, laws or other regulations to which the supervisor is subject.

The data shall also be blocked or deleted when the storage period stipulated by the aforementioned standards expires, unless there is a need to continue storing the data to conclude or fulfil the contract.

IV. Provision of the website and creation of logfiles

1. Description and Scope of Data Processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the visiting computer.
The following data are collected:

  • Information about the browser type and version used
  • The operating system of the user
  • The IP address of the user
  • Date, duration and time of access
  • Websites from which the system of the user accesses our website

The data is also stored in the log files of our system. Storage of these data together with other personal data of the user does not take place.

2. Legal Basis for Data Processing

The temporary storage of data and logfiles shall be subject to Art. 6 (1) lit.f GDPR as the legal basis.

3. Purpose of the Data Processing

The data is stored in log files to ensure the website functions. The data is also used to optimise the website and to ensure that our information technology systems are secure. The data is not evaluated for marketing purposes in this connection.
Our legitimate interest also lies in the data processing according to Art. 6 lit.f GDPR as the legal basis.

4. Duration of Storage

Any data stored in log files are stored for no more than seven days. Additional storage is available. In this case, the IP addresses of the users are anonymised, so that it is no longer possible to assign the data to the visiting client.

5. Possibility of Objection and Removal

Collecting data for the provision of the website and storing the data in log files is essential for the website to operate. It is therefore not possible for the user to object.

V. Links to other Providers

Our website also contains links to the Internet sites of other companies which are clearly recognisable. Where there are links to the websites of other providers, we have no influence on the content of these websites. Therefore, no guarantee can be given or liability accepted for their content. The providers or operators of the pages themselves are always responsible for the content of these pages. The linked pages were checked for possible legal violations and identifiable infringements at the time the links were created. No illegal content was recognised at the time the links were created. However, it is not reasonable to expect the linked pages to be constantly monitored without concrete evidence of an infringement. The relevant links will be removed immediately after we have been notified of any infringements.

VI. E-Mail Contact

1. Description and Scope of Data Processing

Contact can be established via the respective e-mail addresses provided. In this case, the personal data of the user transmitted with the e-mail will be stored.
In this context, the data will not be passed on to third parties The data is used exclusively for the processing of the conversation.

2. Legal Basis for Processing the Data

The legal basis for the processing of the data is Art.6 Para.1 lit.a GDPR (General Data Protection Regulation) if the user has given his consent.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art.6 Para. 1 lit.f GDPR. If the purpose of the e-mail contact is to conclude a contract, the additional legal basis for the processing is Art.6 Para. 1 lit.b GDPR.

3. Purpose of Processing the Data

The processing of personal data serves us solely to process the establishment of contact. In case of contacting us by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.

4. Duration of Storage

The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected The conversation ends when it can be inferred from the circumstances that the facts in question have been conclusively clarified.

5. Possibility of Revocation and Removal

The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
The revocation of the consent and the objection of the storage of the data are to be addressed by post or by e-mail to the contact data of the person responsible (see imprint). In this case, all personal data stored in the course of establishing contact will be deleted.

VII. SSL or TLS Encryption

This site uses SSL or TLS encryption for security purposes and for protecting the transmission of confidential content, such as orders or requests which you send to us as the site operator.
You can recognise an encrypted connection by the address line of the browser changing from “http://” to “https://” and by the lock symbol in your browser line. When SSL or TLS encryption is enabled, the data you submit to us cannot be read by third parties.

VIII. Rights of the Data Subject

If you process personal data, you are the data subject according to the GDPR and you are entitled to the following rights in respect of the supervisor:

1. Right to Confirmation

If you have the right of rectification, deletion or restriction of processing by the supervisor, they are obliged to notify all recipients, to whom your personal data have been disclosed, of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.

You have a right to be informed by the supervisor about these recipients.

2. Right to Information

You may ask the supervisor to confirm if we have processed your personal data.

If we have processed such data, you can request the following information from the supervisor:

  1. the purposes for which the personal data are processed;
  2. the categories of personal data which are processed;
  3. the recipients or categories of recipients to whom your personal data have been disclosed or are still being disclosed;
  4. the planned storage duration of your personal data or, if specific information is not available, criteria for determining the storage duration;
  5. the existence of a right to rectification or deletion of your personal data, a right to restriction of processing by the supervisor or a right to object to such processing;
  6. the existence of a right of appeal to a supervisory authority;
  7. all available information on the source of the data if the personal data are not collected from the data subject;
  8. the existence of automated decision-making including profiling under Art. 22 Par. 1 and 4 GDPR and, at least in these cases, significant information about the logic involved and the scope and intended impact of such processing on the data subject. You have the right to request information about whether your personal data is transferred to a third country or to an international organisation. In this connection, you can demand the appropriate guarantees according to Art. 46 GDPR in relation to the transfer.

3. Right to Rectification

If your processed personal data are incorrect or incomplete, you have a right to rectification and/or completion by the supervisor. The supervisor must make the correction without delay.

4. Right to Restrict Processing

You may demand the restriction of processing of your personal data under the following conditions:

  1. If you dispute the accuracy of your personal data for a period of time which enables the supervisor to verify the accuracy of your personal data;
  2. the processing is unlawful and you refuse to delete the personal data and instead demand a restriction of the use of the personal data;
  3. the supervisor no longer requires personal data for the purposes of processing but you need them in order to assert, exercise or defend legal claims or
  4. if you have objected to the processing according to Art. 21 Par. 1 GDPR and it is not yet certain whether the legitimate reasons of the supervisor will prevail over your reasons.

If processing your personal data has been restricted, these data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for important reasons of public interest to the Union or a Member State.

If the restriction on processing has been restricted in accordance with the above conditions, the supervisor shall inform you before the restriction is lifted.

5. Right to Deletion (right to be forgotten)

a) Obligation to Delete

You may demand that the supervisor delete your personal data without delay, and the supervisor is required to delete these data immediately if one of the following is true:

  1. Your personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  2. You revoke your consent to your personal data being processed according to Art. 6 Para. 1 lit. a or Art. 9 Para. 2 lit. a GDPR and there is no other legal basis for processing them.
  3. You object to your personal data being processed according to Art. 21 Para. 1 GDPR and there are no prior justifiable reasons for processing them, or you object to such processing according to Art. 21 Para. 2 GDPR .
  4. Your personal data have been processed unlawfully.
  5. Deletion of your personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the supervisor is subject.
  6. Your personal data were collected
b) Information to Third Parties

If the supervisor has made your personal data public and is obliged to delete them in accordance with Art. 17 Par. 1 GDPR, then they shall take appropriate measures, including technical measures, taking into account the technological and implementation costs, to inform the person responsible for data processing who is processing your personal data that you, as the person affected, have demanded that they delete all links to these personal data or copies or replications of these personal data.

c) Exceptions

The right to delete does not exist if the processing is necessary

    1. in order to exercise the right to freedom of expression and information;
    2. in order to fulfil a legal obligation required by the law of the Union or of the Member States to which the supervisor is subject, or in order to carry out a task which is in the public interest or in the exercise of official authority which is conferred on the supervisor;
    3. for reasons of public interest in the area of public health according to Art. 9 Par. 2 lit.h and i and Art. 9 Par. 3 GDPR;
    4. for archival purposes of public interest, scientific or historical research purposes or for statistical purposes according to Art. 89 Par. 1 GDPR, insofar as the law referred to in sub-paragraph (a) is likely to render impossible or to seriously affect achieving the objectives of that processing, or
    5. to assert, exercise or defend legal claims.

6. Right to Data Portability

You have the right to receive personal data relating to you which you have supplied to the supervisor in a structured, common and machine-readable format. You also have the right to transfer these data to another supervisor without hindrance from the supervisor to whom the personal data was supplied, provided that

    1. the processing is based on consent according to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract according to Art. 6 para. 1 lit. b GDPR and
    2. the processing is via automated procedures.

In exercising this right, you also have the right to have your personal data transmitted directly from one person to another where this is technically feasible. The freedoms and rights of other persons may not be affected.
The right to data portability does not apply to the processing of personal data necessary for carrying out a task performed in the public interest or in the exercise of official authority which is conferred on the supervisor.

7. Right to Object

You have the right at all times to object to your personal data being processed for reasons arising from your particular situation according to Art. 6 para. 1 lit , e or f GDPR; this also applies to any profiling based on these provisions.

The supervisor shall no longer process your personal data unless he can demonstrate that he has compelling legitimate reasons for processing the data which outweigh your interests, rights and freedoms or that the processing of your data is for the purpose of asserting, exercising or defending legal claims.

If your personal data are processed for direct advertising purposes, you shall have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

If you object to your data being processed for direct advertising purposes, your personal data will no longer be processed for these purposes.

Regardless of Directive 2002/58/EG, you have the option in relation to using the information society services to exercise your right to object through automated procedures where technical specifications are used.

8. Right to Revoke the Declaration of Consent under Data Protection Law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of your consent does not affect the legality of the processing carried out on the basis of your consent before it was revoked.

9. Automated Decision in Individual Cases Including Profiling

You shall have the right not to be subject to a decision relating exclusively to automated processing (including profiling) which produces legal effects concerning you or significantly affects you in a similar manner.
This does not apply if the decision

      1. is required for the conclusion or performance of a contract between you and the supervisor,
      2. is permissible on the basis of the legislation of the Union or Member State to which the supervisor is subject if this legislation contains adequate measures to safeguard your rights and freedoms and your legitimate interests, or
      3. takes place with your express consent.

However, these decisions must not be based on specific categories of personal data according to Art. 9 Par. 1 GDPR, unless Art. 9 Para. 2 lit, a or g GDPR applies and reasonable measures have been taken to protect the rights and freedoms and your legitimate interests.

With regard to the cases referred to in (1) and (3), the supervisor shall take appropriate measures to safeguard the rights and freedoms and your legitimate interests, including at least the right to obtain human intervention on the part of the supervisor, to state their own position and to challenge the decision.

10. Right of Appeal to a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you shall have the right to complain to a supervisory authority, in particular in the Member State of its residence, its place of work or the place of alleged violation, if you believe that the processing of your personal data is in violation of the GDPR.

The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy according to Art.78 GDPR.