Privacy Statement
Schmiedewerk Stooss AG takes data protection very seriously and treats any of your personal data that is collected prior to entering into a contract, for the purpose of entering into a contract or for contractual performance either through the websites <www.stooss.com>/<www. stooss-germany.de>/<www.stoossusa.com> (hereafter the “Website”) or otherwise in accordance with applicable data protection law, according to the standards laid down by the EU General Data Protection Regulation (hereafter “GDPR”), the Swiss data protection law, the Swiss data protection regulation and the regulation privacy certifications and in accordance with the principles described below.
Personal data means all data concerning an identified or identifiable natural person, e.g. name, address, email addresses, usage patterns.
The controller for the purposes of the data processing described in this Privacy Statement is Schmiedewerk Stooss AG, Maienbrunnenstrasse 8, 8908 Hedingen, Switzerland (hereafter, “Schmiedewerk Stooss AG” or “we”). To the extent that Schmiedewerk Stooss AG falls within the scope of the GDPR, Schmiedewerk Stooss GmbH, Rohrstrasse 15, DE 58093 Hagen, Germany is its representative pursuant to Article 27 GDPR.
This Privacy Statement is intended to inform our customers and website users of the nature, extent and purpose of any collection and usage of your personal data by Schmiedewerk Stooss AG.
The General Terms and Conditions of Business of Schmiedewerk Stooss AG shall also apply, as amended from time to time.
I. Collection of data along with the extent and purpose of data processing on customer relations grounds
The personal data collected by us within the ambit of business relations with customers includes the following information:
- contact details: company name, surname, first name, address, internet address, telephone number, email address, language
- contract data: orders (quantities, locations, end customers, etc.)
- payment information: account information, incoming and outgoing payments
- as the case may be, information concerning compliance with statutory requirements
- all further information provided by you within correspondence
We only collect, process and use personal data to the extent necessary for the establishment, substantive arrangement or alteration of the contractual relationship, contractual processing (including in particular order processing / service provision), the maintenance of technical operational security, compliance with statutory duties as well as invoicing and collection. In addition, Schmiedewerk Stooss AG uses your personal data for the following purposes:
- direct marketing
- the optimisation of content and infrastructure.
Where the processing of personal data is necessary in order to enter into a contract or for the performance of a contract, the data processing described above is carried out on the basis of Article 6(1)(b) GDPR, which permits the processing of personal data for the purpose of the performance of a contract or to take steps prior to entering into a contract. Any further processing of personal data only occurs with your consent or if necessary in order to uphold our legitimate interests (Article 6 (1) (a) and (f) GDPR).
II. Collection of data along with the extent and purpose of data processing in relation to the Website
1. Visiting the Website
If the Website is used for purely information purposes, i.e. if you do not transfer any information to us either by email or otherwise, we collect the following data, which your browser transmits to our server. This is technically necessary in order to display our Website to you and to ensure the stability and security of our website (legal basis: Article 6 (1) (f) GDPR):
- the user’s IP address
- the data and time of access
- the content of the request (specific Website)
- access status/HTTP status code
- the quantity of data transmitted
- the source/referrer from which you arrived at our Website
- the browser used
- the operating system used
- the language and version of the browser software
These so-called server log files are stored for a maximum of 2 years and are thereafter erased. Data are stored on security grounds in order e.g. to be able to investigate abuses. If data must be collected as evidence, they will not be erased until the case has been definitively investigated.
2. Handling contact data
You can contact us by email. Your personal data, such as your name and email address and the message sent by you will be stored so that we can refer back to it in order to process and answer your enquiry. These data will not be used for other purposes (e.g. email marketing) without your express consent.
This Website uses SSL or TLS encryption for security reasons and in order to protect the transfer of confidential content, such as for example orders or enquiries submitted by you to us as the Website operator.
3. Coverage measurement and usage of cookies
This Website uses cookies for the anonymised measurement of coverage, which are transmitted to the user’s browser either by our server or by the third party server. Cookies are small files that are saved on your end device. Your browser accesses these files. Using cookies makes this Website more user-friendly and secure. Cookies cannot run any programs or transfer viruses to your computer.
You can configure your browser settings accordingly and e.g. refuse to accept third party cookies or all cookies. Please note that, should you do so, you may not be able to use all functions of this Website.
4. Google Analytics
We use the web analysis service Google Analytics in order to analyse visitor figures for our Website. This is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (hereafter “Google”), by which we are able to measure and assess usage of the Website (although not with reference to specific individuals). Cookies are also used for this purpose. We use Google Analytics with an IP anonymisation function. In this case, your IP address is abbreviated by Google and thereby anonymised, with the result that it is no longer possible to make inferences in relation to any specific user. The underlying records concerning your visit to our Website will be automatically deleted after 26 months.
You can prevent these data from being recorded by installing a browser add-on on the following website and thus objecting to future processing: https://tools.google.com/dlpage/gaoptout?hl=en. Further information concerning how user data are handled may be found in the Google Privacy Policy: https://www.google.de/intl/de/policies/privacy/.
5. Google Maps
This Website uses the map service Google Maps through an API (application programming interface). The provider is also Google. In order to use the functions of Google Maps it is necessary to save your IP address. This information is normally transferred to a Google server in den USA and stored at that location. The provider of this Website does not have any influence over this transfer of data.
Google Maps is used in the interest of presenting our online content in an appropriate manner and making the locations indicated by us on the Website easier to find. This constitutes a legitimate interest pursuant to Article 6 (1) (f) GDPR.
Further information concerning how user data are handled may be found in the Google Privacy Policy: https://www.google.de/intl/de/policies/privacy/.
6. Google Web Fonts
This Website uses so-called web fonts provided by Google in order to ensure the uniform display of fonts. Whenever the Website is visited your browser uploads the required web fonts into your browser cache in order to display text and fonts correctly.
For this purpose, the browser used by you must establish a connection with the Google servers. This enables Google to establish that our Website has been visited from your IP address. Google Web Fonts are used in the interest of ensuring the unitary and appropriate presentation of our online content. This constitutes a legitimate interest pursuant to Article 6 (1) (f) GDPR.
If your browser does not support Web Fonts, a standard font will be used by your computer.
Further information concerning Google Web Fonts may be found at https://developers.google.com/fonts/faq and in the Google Privacy Policy: https://www.google.com/policies/privacy/.
7. Matamo
We use the tracking system Matamo (formerly PiWiK) on this Website in order to assess visitor numbers. This is an open source program. Cookies may also be saved for this purpose. This collection of data supports us in relation to the operation and improvement of technical infrastructure, although may also be disabled if specifically desired. Data are collected on a pseudonymised basis, with the result that no inference to any specific visitor is possible. The underlying records are moreover deleted after 180 days. An opt-out mechanism for visitors to this Website is also available at: https://tracker.cmsbox.com/index.php?module=CoreAdminHome&action=optOut&language=en
8. reCaptcha
The forms used on this Website are protected against unauthorised automated submissions by Google reCaptcha v3, a service offered by Google. It is indispensable on a technical level that various personal data are transferred to Google for this purpose. Google has undertaken to guarantee appropriate data protection. For this reason, a corresponding note (“protected by reCaptcha”) with a link to the Google Privacy Policy is included in every form.
III. Disclosure of personal data to third parties and cross-border disclosures of data
Your personal data will not be sold, leased or traded by us. We shall only disclose personal data to third parties in order for them to be processed for our purposes or for such parties’ own purposes if this is necessary having regard to order processing, in relation to our own business operations or direct marketing, and provided that such action is permitted by law and is deemed by us to be reasonable.
We also disclose your personal data to our group companies nationally and abroad (EU, CH, USA), provided that they undertake to process the personal data in accordance with this Privacy Statement and applicable data protection law and thus to guarantee equivalent protection for personal data.
Unless required under the terms of a statutory obligation or an order issued by an administrative body or a court of law, personal data will otherwise only be disclosed to third parties with your consent.
Personal data are only transmitted to countries that do not have appropriate statutory rules on data protection in the event that suitable contractual guarantees have been obtained or in accordance with a statutory exception, such as for example consent, the establishment, exercise or enforcement of legal claims or the performance of a contract.
IV. Rights of data subjects
As a customer or user, you have the right at any time, upon request, to obtain free of charge information as to which personal data concerning you have been saved. You also have the right to rectify any incorrect data and to restrict processing or to erase your personal data, unless precluded by a statutory duty of retention. In addition, consent to the collection and processing of data may be withdrawn at any time with future effect. If applicable, you can also exercise your right to data portability. Requests for information, rectification and erasure, the revocation of consent to data processing or requests for data portability may be submitted at any time by ordinary post or email to the contact address mentioned below. Should you take the view that your data have been processed unlawfully, you may submit a complaint to the competent supervisory authority.
V. Duration of storage / erasure of data
Unless your request is at odds with a statutory duty to retain data, you have the right to obtain the right to the erasure of your data. In the event that they are no longer necessary for their intended purpose, any data saved by us will be erased, unless they are subject to statutory retention periods. In the event that erasure is not possible on the grounds that the data are required for statutory purposes, a restriction on data processing will be applied. In such an eventuality, the data will be blocked and will not be processed for any other purposes.
VI. Right to object
As a customer or a user of this Website, you can exercise your right of objection and can object to the processing of your personal data at any time with future effect.
VII. Data security
We protect your personal data by appropriate organisational and technical security measures, in particular against unauthorised third party access and abuse. We keep these measures constantly under review and, if necessary, change them in order to contain possible risks and to prevent unauthorised use. However, we cannot guarantee that data will not be lost, misused or altered. In such cases, we shall take the action required by law and inform data subjects and the authorities promptly and in a transparent manner.
VIII. Contact person
If you have any questions concerning data protection at Schmiedewerk Stooss AG, or would like to request information or the erasure of your data, please contact:
Schmiedewerk Stooss AG
Corinne Maag-Stooss
Maienbrunnenstrasse 8
CH-8908 Hedingen
datenschutz@stooss.com
Schmiedewerk Stooss AG
Data protection officer
Jens Puchinger
Maienbrunnenstrasse 8
CH-8908 Hedingen
datenschutz@stooss.com
In the event that Schmiedewerk Stooss AG falls within the scope of the GDPR, you can contact our representative in the EU pursuant to Article 27 GDPR:
Schmiedewerk Stooss GmbH
Data protection officer
Sebastian Knust
Rohrstrasse 15
DE 58093 Hagen
datenschutz-gmbh@stooss.com
In addition, you have a right to complain to the competent supervisory authority.
IX. Changes to the Privacy Statement
It may be necessary to amend this Privacy Statement as a result of developments in the legal framework conditions and due to technological progress. We therefore reserve the right to amend this Privacy Statement at any time at our discretion and without prior notice. The relevant applicable Privacy Statement may be downloaded by you at any time from our Website.
Valid from: July 6, 2023