Name and address of the controller
The controller within the meaning of the DSG and the GDPR and other provisions of data protection law is:
STF Swiss AG
c/o OPES AG
6003 Luzern, Switzerland
Phone: +49 (0)2594 5093-110
Contact details of the Data Protection Officer:
STF Gruppe GmbH
Wierlings Esch 14
48249 Dülmen, Germany
1. Scope of the processing of personal data
We primarily process the personal data that we receive from our business partners in the context of our customer relationships and other contractual relationships with them or that we collect from users when operating our website (hereinafter referred to as “Users”).
We generally process personal data of our Users only to the extent necessary to provide a functional website and our content and services. The processing of personal data of our Users is generally only carried out with the consent of the User. An exception applies in those cases where obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by statutory provisions.
2. Purposes of data processing
We use the personal data we collect primarily to conclude and process our contractual relationships with customers and business partners. Your data may be used for the following purposes in particular:
- Operational purposes
- Identification and authorisation
- Communication and information
- Documentation of activities (e.g. meetings, agreements)
- Complaint management
In addition, personal data of visitors and persons who have requested services or with whom a business relationship already exists may be used for:
- Provision of information and requested services (e.g. newsletters)
- Monitoring and security checks of personal data of business partners
- Handling of transactions and logistics
- Authorisation and identification management for electronic procedures, including technical support and troubleshooting
- Administrative communication
- Monitoring, controls, surveys
In addition, we also process your personal data, to the extent permitted by law or regulation, for the following purposes, in which we have a legitimate interest pursuant to Article 6(1)(f) GDPR
- Provision and further development of our offers, services and websites and other platforms
- Advertising and marketing, provided there is no objection to the use of data
- Assertion of legal claims and defence in connection with legal disputes and official proceedings
3. E-mail contact
It is possible to contact us via the e-mail address provided on our website. In this case, the personal data of the User transmitted with the e-mail will be stored. In this context, the data will not be passed on to third parties.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Article 6(1)(f) GDPR.
The personal data sent by e-mail will be archived and protected from unauthorised access once the respective communication with the User is terminated. The communication is terminated once it can be inferred from the circumstances that the relevant matter has been conclusively clarified.
The legal basis for the processing of data after subscribing to the newsletter requires the consent of the User pursuant to Article 6(1)(a) GDPR.
The legal basis for the processing of personal data by using technically necessary cookies is Article 6(1)(f) GDPR.
6. Use of Google Analytics
Our website uses functions of the web analytics service Google Analytics, an analytics service provided by Google Inc (“Google”). Cookies are used for this purpose, which enable an analysis of the use of the website by its Users (for cookies, see above). The information thus generated is transferred to the provider’s server and stored there. We have concluded a corresponding contract for order processing with Google Inc.
The legal basis for the processing of the Users’ personal data is Article 6(1)(f) GDPR.
The processing of the Users’ personal data enables us to analyse the browsing behaviour of our Users. By evaluating the data obtained, we can compile information about the use of the individual elements of our website. This helps us to continuously improve our website and its user-friendliness. This is also based on our legitimate interest within the meaning of Article 6 (1)(f) GDPR.
7. Site map / Google Maps
We use the Google Maps API on our website, a map service provided by Google Inc (“Google”) to display an interactive map. By using Google Maps, information about your use of this website (including your IP address) may be transmitted to and stored by Google on servers in the United States.
It might technically be possible for Google to identify at least individual Users based on the data received. It might be possible that personal data and personality profiles of Users of the website could be processed by Google for other purposes over which we have no control.
The legal basis for the processing of the data is Article 6(1)(a) GDPR. Google Maps is used for the purpose of making it easier to find the places indicated on our website.
8. Provision of the website
When accessing our website, the following data is stored in log files: IP address, date, time, browser request and generally transmitted information about the operating system or browser.
The legal basis for the temporary storage of the data and the log files is Article 6(1)(f) GDPR.
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the User’s computer. For this purpose, the IP address of the User must remain stored for the duration of the session. The log files on the web server are deleted after seven days.
9. Storage duration of personal data
We only store the personal data of the data subject for as long as the purpose of the storage exists or for as long as there is a statutory retention period. If the processing is based on the data subject's consent, the data will only be stored until the data subject revokes his or her consent, unless there is another legal basis for the processing. For your protection, the processing and storage of data takes place exclusively in the European Economic Area.
10. Data security
We take appropriate technical and organisational security measures to protect your personal data from unauthorised access and misuse, including by issuing instructions, through training, IT and network security solutions, access controls and restrictions, encryption of data carriers and transmissions, pseudonymisation and controls. Appropriate contractual agreements exist with external service providers for their data processing, which ensure data security.
11. Right to rectification and erasure of personal data
The data subject has the right to demand that we rectify any inaccurate personal data relating to him or her without undue delay. The data subject also has the right to demand that we erase personal data relating to him or her without undue delay as soon as the purpose of the storage no longer applies or, if the processing is based on the data subject's consent, if the data subject revokes his or her consent and there is no other legal basis for the processing.
The personal data of the data subject will furthermore be erased if he or she objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or if the personal data have been processed unlawfully.
However, erasure will not take place in the cases outlined above if the processing of the personal data is necessary for STF Swiss AG to comply with a legal obligation imposed on it by the national or European legislator or if the continued storage of the personal data is necessary for the assertion, exercise, or defence of legal claims.
12. Right to object
If the processing of personal data is based on the data subject’s consent, the data subject may withdraw his or her consent at any time. The processing of personal data carried out until the objection remains lawful despite the objection.
13. Right to information
The data subject shall have the right to obtain confirmation from STF Swiss AG as to whether personal data concerning him or her is being processed. If this is the case, the data subject has the right to information about the nature of the personal data and purposes of processing. The data subject shall also have the right to be informed about the duration of the planned storage of this data or the criteria used to determine the storage period.
14. Right to data portability
The data subject shall have the right to obtain the personal data concerning him or her that he or she has provided to STF Swiss AG in a structured, commonly used and machine-readable format.
15. Right to lodge a complaint
In addition, every data subject has the right to enforce his or her claims in court or to file a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragte).
As of: May 17, 2022