Products & Services for

Privacy Policy

Thank you for your interest in our website. The protection of your privacy in the processing of personal data and the security of all business data are important matters that we consider in our business processes. Here we will inform you in detail about the handling of your data.

RESPONSIBLE ACC. ART. 4 ABS. 7 EU DATA PROTECTION REGULATION (GDPR)

Carl Stahl GmbH
Tobelstraße 2
73079 Süßen
Germany
Phone: +49 (0) 7162 / 4007 – 3000
E-Mail: het-webshop@carlstahl.com 
Webseite: www.carlstahl.com/de/de/

DATA PROTECTION OFFICER OF THE PERSON RESPONSIBLE

Dr. Ralf W. Schadowski
Email: datenschutz@carlstahl.com
Phone: +49 241 / 44688 25

§ 1 LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

(1) As far as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU Data Protection Regulation (GDPR) serves as the legal basis.

(2) Art. 6 para. 1 lit. b GDPR serves as the legal basis for the processing of personal data required for the performance of a contract, whose party is the data subject. This also applies to processing operations, which are necessary to carry out pre-contractual actions.

(3) As far as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

(4) If essential interests of the data subject or of another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

(5) If the processing of personal data is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR will serve as the legal basis for the processing.

§ 2 DATA ERASURE AND STORAGE DURATION

(1) The personal data of the data subject will be deleted or blocked as soon as the purpose of storage is cancelled.

(2) Furthermore, data may be stored if this has been provided by the European or national legislator in EU regulations, laws or other provisions to which the person responsible is subject.

(3) The data will also be blocked or deleted if a storage period prescribed by the standards expires, unless further storage of the data is required for the conclusion or the performance of a contract.

§ 3 INFORMATION ON THE COLLECTION OF PERSONAL DATA

(1) In the following, we will inform you about the collection of personal data when using our website. Personal data are all data that can be referred to you personally, e.g. name, address, e-mail addresses, user behavior.

(2) When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, if applicable your name and your telephone number) will be stored by us to answer your questions. We delete the data arising in this context after the storage is no longer necessary or limit the processing if statutory obligations of retention exist.

(3) If we make use of contracted service providers for individual functions of our offer or if we would like to use your data for advertising purposes, we will inform you in detail about the respective processes as outlined. We also specify the defined criteria concerning the storage period.

Collection of personal data when you visit our website
When using the website for information purposes only, i.e. if you do not sign up or otherwise provide us with information, we will only collect those personal data that your browser transmits to our server. If you would like to view our website, we will collect the following data, which are technically necessary for us to display our website to you and to guarantee stability and security (legal basis for this is Art. 6 Para. 1 S. 1 lit. f GDPR):

Use of Cookies

§ 4 FURTHER FUNCTIONS AND OFFERS OF OUR WEBSITE

(1) In addition to the purely informational use of our website, we offer various services, which you can use if you are interested. If this is the case, you must usually provide further personal data, which we use to perform the respective service and to which the data processing principles apply. Mandatory fields are marked with an asterisk. Providing information in fields not marked in this way is optional.

(2) When you contact the service provider by e-mail or via the contact form, we store your e-mail address and, if you specify this, your name, your telephone number and [...] will be stored by us to be able to answer your questions.

(3) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, they are bound by our instructions and are regularly checked.

(4) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer.

§ 5 RIGHTS OF THE DATA SUBJECT

Below you will find information on your rights as a person concerned according to Art. 15 GDPR. You can exercise these rights at any time and you can contact us directly. If you demand these rights from us, we will examine them in detail, considering the related legal requirements and restrictions. In this context, we may ask you for further information. We will explain the results of our examination and our procedure for fulfilling your request. It is possible that we may not be able to meet your wishes completely in the manner you request.

This does not intend to prevent you from claiming your rights from us or from asking us about them. We will be glad to answer all your questions.

(1) Right to information
You have the right to request information from us at any time as to whether and which of your personal data are processed by us. This also includes information on the purposes of processing, if applicable on recipients to whom we have disclosed data about you, on the planned storage period and, if applicable, information on the origin of this data, unless we have collected this data directly from you. In addition, you have the right to a one-time free copy of your personal data stored by us. We reserve the right to charge an appropriate administration fee for these copies.

(2) Right to correction
You have the right to demand from us the correction of any inaccurate information we hold about you. This also includes the right to complete incomplete personal data.

(3) Right to cancellation
You have the right to request the deletion of data that we have stored about you. If we have published data about you, this also includes our obligation to forward your request for deletion, all links to this data as well as copies or replications of this data to other persons responsible for the processing of this published personal data within the framework of the "right to be forgotten" pursuant to Art. 17 para. 2 GDPR, considering available technology and the implementation costs.

(4) Right to limitation of processing
You have the right to require us to restrict the processing of data that we have stored about you. After that, the processing of these data is only possible with your consent or for a few, legally defined purposes.

(5) Right of opposition to processing
If we base the processing of your personal data on the weighing of interests, you may lodge an objection against the processing. This is the case if processing is not necessary to fulfil a contract with you, which is described by us in the respective description of the functions. When exercising such objection, we ask you to explain the reasons why we should not process your personal data as we do. In the event of your justified objection, we will examine the situation and either stop or adjust data processing or we will point out to you our compelling reasons worthy of protection, based on which we will continue processing.

Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us about your advertising contradiction using the contact channels listed above.

(6) Right to revoke consent under data protection law
If you have given your consent to the processing of your data, you can revoke this at any time. Such a revocation influences the permissibility of processing your personal data after you have given the former to us.

(7) Right to data transferability
You have the right to receive information about yourself that you have provided to us from us in a structured, common and machine-readable format for the transfer to another person responsible. At your request and considering the available technical possibilities, this also includes the direct transfer from us to the other person responsible.

(8) Right of appeal to a supervisory authority
You have the right to complain at any time to a data protection supervisory authority about our processing of your personal data.

(9) Automated decision making including profiling
You have the right to obtain information on the existence of automated decision-making, including profiling in accordance with Art. 22 para. 1 and 4 GDPR and meaningful information on the logic involved and on the scope and intended effects of such processing for the data subject.

§ 6 SPECIAL FORMS OF USE OF WEBSITES

  1. Use of blog functions

(1) In our blog, where we publish various articles on topics related to our activities, you can make public comments. Your comment will be published with your username. We recommend that you use a pseudonym instead of your clear name. User name and e-mail address are required, all other information is voluntary. If you make a comment, we continue to store your IP address, which we delete after one week. The storage is necessary for us to be able to defend ourselves against liability claims in cases of possible publication of illegal content. We need your e-mail address to contact you if a third party should object to your comment as unlawful. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b and f GDPR. Comments will not be reviewed before publication. We reserve the right to delete comments if they are objected to as unlawful by third parties.

  1. Use of our web shop

(1) If you would like to order in our web shop, it is necessary for the conclusion of the contract that you enter your personal data, which we need for the completion of your order. Required information for the execution of the contracts are marked separately, further information is voluntary. We process the data provided by you to process your order. For this purpose, we can pass on your payment data to our house bank. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b GDPR.

You can voluntarily create a customer account through which we can store your data for later purchases, so that you do not have to enter your data again for each further order. When you create an account, the data you provide will be stored revocably. If you wish to delete your account, please inform us by e-mail to het-webshop@carlstahl.com.

We may also process the information you provide to inform you of other interesting products in our portfolio or to send you e-mails containing technical information.

(2) We are obliged by commercial and tax law to store your address, payment and order data for a period of ten years. However, after two years we limit the processing, i.e. your data will only be used to comply with legal obligations.

(3) To prevent unauthorized access to your personal data, especially financial data, the order process is encrypted using TLS technology.

§ 7 E-MAIL-BASED INFORMATION SERVICES

  1. Newsletter / Press Distributor

(1) With your consent you can subscribe to our newsletter, with which we inform you about our current interesting offers. The advertised goods and services are named in the declaration of consent.

(2) For the registration to our newsletter we use the so-called double opt-in procedure. This means that after your registration we will send you an e-mail to the specified e-mail address in which we ask you to confirm that you would like the newsletter to be sent. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the time of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.

(3) The only mandatory information for sending the newsletter is your e-mail address. The indication of further, separately marked data is voluntary and is used to be able to address you personally. After your confirmation we will save your e-mail address for sending you the newsletter. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR.

(4) You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in each newsletter e-mail.

§ 8 WEB ANALYTICS

The legal basis for the use of all web analysis tools listed in this section is Art. 6 para. 1 sentence 1 f GDPR, i.e. the protection of our legitimate interests in consideration of the interests of our website visitors. We are interested in analyzing the use of our website by our website visitors to improve our offer and to make it more interesting for you as a user. If the analysis tool used also serves other purposes or of we use it for other interests of ours, we will immediately inform you about this in the explanation of the respective analysis tool.

  1. Use of Google Analytics

(1) This website uses Google Analytics, a web analysis service of Google Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information about your use of this website, which is generated by the cookies, is usually transferred to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, Google will reduce your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with further services associated with website and Internet use.

(2) The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.

(3) You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data relating to your use of the website (including your IP address), which are generated by the cookie, and you can keep Google from processing this data by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

(4) This website uses Google Analytics with the extension "_anonymizeIp()". As a result, IP addresses are further processed in abbreviated form, so that they cannot be referred to you personally. As far as the data collected about you is personal, it will be excluded, and the personal data will be deleted immediately.

(5) For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

(6) Third Party Information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001
User Terms and Conditions: http://www.google.com/analytics/terms/de.html
Data Protection Overview: http://www.google.com/intl/de/analytics/learn/privacy.html 
Privacy Policy: http://www.google.de/intl/de/policies/privacy.

§ 9 SOCIAL MEDIA AND OTHER THIRD-PARTY SERVICES

  1. Integration of YouTube-Videos

(1) We integrated YouTube videos into our online offer. The videos are stored on http://www.YouTube.com and can be played directly from our website. These are all integrated in the "extended data protection mode", i.e. no data about you as a user will be transmitted to YouTube if you do not play the videos. Only when you play the videos will the data referred to in paragraph 2 be transmitted. We have no influence on this data transmission. With the integration of YouTube videos, we pursue our interest in making our website more interesting and attractive for our visitors and to achieve a better presentation of contents and/or facts. The legal basis for the use of the plug-in is Art. 6 para. 1 sentence 1 lit. f GDPR

(2) By visiting the website, YouTube receives the information that you have accessed the respective subpage of our website. In addition, the data specified in § 5 of this declaration will be transmitted. This is regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your information will be directly associated with your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. YouTube stores your data as user profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation particularly takes place (even for unlogged-in users) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. To exercise this right, you must contact YouTube.

(3) For more information on the purpose and on the scope of data collection and processing by YouTube, please refer to the privacy policy. There, you also obtain further information on your rights and on setting options to protect your privacy. YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, represented by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland; https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

  1. Integration of Google Maps

(1) On this website, we use the offer of Google Maps. Our purpose is to increase the attractiveness of our website by displaying interactive maps directly on our website, which enables you to easily use the map function. The legal basis for the use of the plug-in is Art. 6 para. 1 sentence 1 lit. f GDPR.

(2) When you visit the website, Google receives information that you have called up the respective subpage of our website. In addition, the data specified in § 5 of this declaration will be transmitted. This is regardless of whether Google provides a user account with which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly linked to your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such evaluation takes place (even for unlogged-in users) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. To exercise this right, you must contact Google.

((3) Further information on the purpose and on the scope of data collection and its processing by the plug-in provider can be found in the data protection declarations of the provider. You will also find more information about your rights and privacy settings at: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland; https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

  1. Integration of Google ReCaptcha

We integrate the function for the recognition of bots, e.g. for entries in online forms ("ReCaptcha") of the provider Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.
Privacy Policy: https://www.google.com/policies/privacy
Opt-Out: https://adssettings.google.com/authenticated

  1. External payment service providers

(1) We use the external payment service providers Mastercard, Visa, through whose platforms users and we can make payment transactions.

(2) As part of the fulfilment of contracts, we suspend the payment service providers based on Art. 6 para. 1 lit. b. GDPR. Furthermore, we employ external payment service providers based on our legitimate interests pursuant to Art. 6 para. 1 lit. f. GDPR to provide our users with effective and secure payment options.

(3) The data processed by the payment service providers includes inventory data such as name and address, bank data such as account numbers or credit card numbers, passwords, TANs and checksums as well as contract, totals and recipient information. This information is required to execute the transactions. However, the data entered will only be processed and stored by the payment service providers. This means that we do not receive any account or credit card related information, but only information with confirmation or negative information about the payment. The data may be transferred by the payment service providers to credit agencies. The purpose of this transmission is to verify identity and creditworthiness. For this we refer to the terms and conditions and data protection information of the payment service providers.

(4) For payment transactions, the terms and conditions and the data protection information of the respective payment service providers, which can be accessed within the respective websites or transaction applications, apply. We refer to these also for further information and assertion of rights of revocation, information and other interested parties.

(5) Addresses of the respective providers and URL with their data protection information:

  1. a) Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium,
    Privacy Policy: https://www.mastercard.de/de-de/datenschutz.html
  2. b) Visa Europe Services LLC, 1 Sheldon Square, London, W2 6WH, United Kingdom,
    Privacy Policy: https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html
  3. Integration of other third-party services

(1) On this website, we also use offers from Google (fonts). By using these offers, we can offer you a better user experience on our website. This serves our interest in increasing the attractiveness of our website. The legal basis for the use of these offers is Art. 6 para. 1 sentence 1 lit. f GDPR.

(2) When you visit the website, the respective third-party provider receives information that you have accessed the corresponding subpage of our website. In addition, the data specified in § 5 of this declaration will be transmitted. This is regardless of whether this third party provides a user account through which you are logged in, or whether no user account exists. If you are logged in to the third party, your data will be directly associated with your account. If you do not wish to be assigned to your profile with the respective third-party provider, you must log out before activating the button. The third-party provider may store your data as a user profile and may use it for the purposes of advertising, market research and/or the demand-oriented design of its website. Such evaluation takes place (even for unlogged-in users) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. To exercise this right, you must contact the respective third-party provider.

(3) Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the data protection declarations of these providers notified below. They will also provide you with further information about your rights in this regard and setting options to protect your privacy:

(4) Addresses of the respective providers and URL with their data protection information:

  1. a) Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland; https://www.google.com/policies/privacy/partners/?hl=de. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework

§ 10 ONLINE-ADVERTISING

  1. DoubleClick by Google

(1) This website continues to use the online marketing tool DoubleClick by Google. DoubleClick uses cookies to serve ads relevant to users, improve campaign performance reports, or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to track which ads are displayed in which browser and to prevent them from being displayed more than once. In addition, DoubleClick may use cookie IDs to collect conversions related to ad requests. This is the case, for example, when a user sees a DoubleClick ad and later visits the advertiser's website with the same browser and buys something there. According to Google, DoubleClick cookies do not contain any personal information. By using this tool, we are interested in showing you advertisements that are of interest to you, to increase the attractiveness of our website for you and to achieve a fair calculation of advertising costs. The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. f GDPR.

(2) Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the extent and the further use of the data collected by Google using this tool and therefore inform you according to our level of knowledge: By integrating DoubleClick, Google receives the information that you have called the corresponding part of our Internet presence or clicked on an advertisement from us. If you are registered with a Google service, Google may associate your visit with your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may obtain and store your IP address.

(3) You can prevent participation in this tracking process in various ways:

  1. a) by adjusting your browser software accordingly, the suppression of third party cookies means that you will not receive any ads from third party providers,
  2. b) by disabling cookies for conversion tracking by setting your browser to block cookies from the "www.googleadservices.com" domain, https://www.google.de/settings/ads, which will be deleted if you delete your cookies,
  3. c) by deactivating the interest-based ads of the providers that are part of the "About Ads" self-regulation campaign via the link http://www.aboutads.info/choices, this setting being deleted if you delete your cookies,
  4. d) by permanent deactivation in your browsers Firefox, Internet Explorer or Google Chrome under the link http://www.google.com/settings/ads/plugin. Please note that in this case you may not be able to use all functions of this offer in full.

Alternatively, you can visit the website of the Network Advertising Initiative (NAI) at http://www.networkadvertising.org .

(4) Further information about DoubleClick by Google can be found at https://www.google.de/doubleclick und http://support.google.com/adsense/answer/2839090, as well as data protection at Google in general: https://www.google.de/intl/de/policies/privacy. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

  1. Google Tag Manager

(1) This website uses Google Tag Manager. Google Tag Manager is a solution that allows marketers to manage website tags through a single interface. The Google Tool Manager only implements tags. The Tag Manager is a cookieless domain. This means that no cookies are used, and no personal data is collected. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If deactivation has been made at the domain or cookie level, it will remain in effect for all tracking tags implemented with Google Tag Manager.
Privacy Policy: http://www.google.de/tagmanager/use-policy.html

Last updated: 11 February 2019